<!doctype html><html lang="en"><head><script defer src="https://cdn.optimizely.com/js/16180790160.js"></script><title data-rh="true">A Snyk’s Post-Mortem of the Malicious event-stream npm package backdoor | by Liran Tal | Medium</title><meta data-rh="true" charset="utf-8"/><meta data-rh="true" name="viewport" content="width=device-width,minimum-scale=1,initial-scale=1,maximum-scale=1"/><meta data-rh="true" name="theme-color" content="#000000"/><meta data-rh="true" name="twitter:app:name:iphone" content="Medium"/><meta data-rh="true" name="twitter:app:id:iphone" content="828256236"/><meta data-rh="true" property="al:ios:app_name" content="Medium"/><meta data-rh="true" property="al:ios:app_store_id" content="828256236"/><meta data-rh="true" property="al:android:package" content="com.medium.reader"/><meta data-rh="true" property="fb:app_id" content="542599432471018"/><meta data-rh="true" property="og:site_name" content="Medium"/><meta data-rh="true" property="og:type" content="article"/><meta data-rh="true" property="article:published_time" content="2019-08-08T16:06:16.707Z"/><meta data-rh="true" name="title" content="A Snyk’s Post-Mortem of the Malicious event-stream npm package backdoor | by Liran Tal | Medium"/><meta data-rh="true" property="og:title" content="A Snyk’s Post-Mortem of the Malicious event-stream npm package backdoor"/><meta data-rh="true" property="twitter:title" content="A Snyk’s Post-Mortem of the Malicious event-stream npm package backdoor"/><meta data-rh="true" name="twitter:site" content="@Medium"/><meta data-rh="true" name="twitter:app:url:iphone" content="medium://p/40be813022bb"/><meta data-rh="true" property="al:android:url" content="medium://p/40be813022bb"/><meta data-rh="true" property="al:ios:url" content="medium://p/40be813022bb"/><meta data-rh="true" property="al:android:app_name" content="Medium"/><meta data-rh="true" name="description" content="Last week the imaginable happened. 
A malicious package, flatmap-stream, was published to npm and was later added as a dependency to the widely used event-stream package by user right9ctrl. Some time…"/><meta data-rh="true" property="og:description" content="Last week the imaginable happened. A malicious package, flatmap-stream, was published to npm and was later added as a dependency to the…"/><meta data-rh="true" property="twitter:description" content="Last week the imaginable happened. A malicious package, flatmap-stream, was published to npm and was later added as a dependency to the…"/><meta data-rh="true" property="og:url" content="https://lirantal.medium.com/a-snyks-post-mortem-of-the-malicious-event-stream-npm-package-backdoor-40be813022bb"/><meta data-rh="true" property="al:web:url" content="https://lirantal.medium.com/a-snyks-post-mortem-of-the-malicious-event-stream-npm-package-backdoor-40be813022bb"/><meta data-rh="true" property="og:image" content="https://miro.medium.com/max/1200/0*yO-HNQPj1qz2cgOY.png"/><meta data-rh="true" name="twitter:image:src" content="https://miro.medium.com/max/1200/0*yO-HNQPj1qz2cgOY.png"/><meta data-rh="true" name="twitter:card" content="summary_large_image"/><meta data-rh="true" property="article:author" content="https://lirantal.medium.com"/><meta data-rh="true" name="twitter:creator" content="@liran_tal"/><meta data-rh="true" name="author" content="Liran Tal"/><meta data-rh="true" name="robots" content="index,follow,max-image-preview:large"/><meta data-rh="true" name="referrer" content="unsafe-url"/><meta data-rh="true" name="twitter:label1" content="Reading time"/><meta data-rh="true" name="twitter:data1" content="7 min read"/><link data-rh="true" rel="search" type="application/opensearchdescription+xml" title="Medium" href="/osd.xml"/><link data-rh="true" rel="apple-touch-icon" sizes="152x152" href="https://miro.medium.com/fit/c/152/152/1*sHhtYhaCe2Uc3IU0IgKwIQ.png"/><link data-rh="true" rel="apple-touch-icon" sizes="120x120" 
href="https://miro.medium.com/fit/c/120/120/1*sHhtYhaCe2Uc3IU0IgKwIQ.png"/><link data-rh="true" rel="apple-touch-icon" sizes="76x76" href="https://miro.medium.com/fit/c/76/76/1*sHhtYhaCe2Uc3IU0IgKwIQ.png"/><link data-rh="true" rel="apple-touch-icon" sizes="60x60" href="https://miro.medium.com/fit/c/60/60/1*sHhtYhaCe2Uc3IU0IgKwIQ.png"/><link data-rh="true" rel="mask-icon" href="https://cdn-static-1.medium.com/_/fp/icons/Medium-Avatar-500x500.svg" color="#171717"/><link data-rh="true" rel="preconnect" href="https://glyph.medium.com" crossOrigin=""/><link data-rh="true" rel="preconnect" href="https://logx.optimizely.com"/><link data-rh="true" id="glyph_preload_link" rel="preload" as="style" type="text/css" href="https://glyph.medium.com/css/unbound.css"/><link data-rh="true" id="glyph_link" rel="stylesheet" type="text/css" href="https://glyph.medium.com/css/unbound.css"/><link data-rh="true" rel="author" href="https://lirantal.medium.com"/><link data-rh="true" rel="canonical" href="https://lirantal.medium.com/a-snyks-post-mortem-of-the-malicious-event-stream-npm-package-backdoor-40be813022bb"/><link data-rh="true" rel="alternate" href="android-app://com.medium.reader/https/medium.com/p/40be813022bb"/><script data-rh="true" type="application/ld+json">{"@context":"http:\u002F\u002Fschema.org","@type":"NewsArticle","image":["https:\u002F\u002Fmiro.medium.com\u002Fmax\u002F1200\u002F0*yO-HNQPj1qz2cgOY.png"],"url":"https:\u002F\u002Flirantal.medium.com\u002Fa-snyks-post-mortem-of-the-malicious-event-stream-npm-package-backdoor-40be813022bb","dateCreated":"2018-12-06T17:39:09.000Z","datePublished":"2018-12-06T17:39:09.000Z","dateModified":"2021-12-06T23:17:15.045Z","headline":"A Snyk’s Post-Mortem of the Malicious event-stream npm package backdoor","name":"A Snyk’s Post-Mortem of the Malicious event-stream npm package backdoor","description":"Last week the imaginable happened. 
A malicious package, flatmap-stream, was published to npm and was later added as a dependency to the widely used event-stream package by user right9ctrl. Some time…","identifier":"40be813022bb","author":{"@type":"Person","name":"Liran Tal","url":"https:\u002F\u002Flirantal.medium.com"},"creator":["Liran Tal"],"publisher":{"@type":"Organization","name":"Medium","url":"https:\u002F\u002Flirantal.medium.com\u002F","logo":{"@type":"ImageObject","width":308,"height":60,"url":"https:\u002F\u002Fmiro.medium.com\u002Fmax\u002F616\u002F1*OMF3fSqH8t4xBJ9-6oZDZw.png"}},"mainEntityOfPage":"https:\u002F\u002Flirantal.medium.com\u002Fa-snyks-post-mortem-of-the-malicious-event-stream-npm-package-backdoor-40be813022bb"}</script><link rel="preload" href="https://cdn.optimizely.com/js/16180790160.js" as="script"><style type="text/css" data-fela-rehydration="508" data-fela-type="STATIC">html{box-sizing:border-box}*, *:before, *:after{box-sizing:inherit}body{margin:0;padding:0;text-rendering:optimizeLegibility;-webkit-font-smoothing:antialiased;color:rgba(0,0,0,0.8);position:relative;min-height:100vh}h1, h2, h3, h4, h5, h6, dl, dd, ol, ul, menu, figure, blockquote, p, pre, form{margin:0}menu, ol, ul{padding:0;list-style:none;list-style-image:none}main{display:block}a{color:inherit;text-decoration:none}a, button, input{-webkit-tap-highlight-color:transparent}img, svg{vertical-align:middle}button{background:transparent;overflow:visible}button, input, optgroup, select, textarea{margin:0}:root{--reach-tabs:1;--reach-menu-button:1}#speechify-root{font-family:Sohne, sans-serif}</style><style type="text/css" data-fela-rehydration="508" data-fela-type="KEYFRAME">@-webkit-keyframes k1{from{filter:hue-rotate(0deg)}to{filter:hue-rotate(360deg)}}@-moz-keyframes k1{from{filter:hue-rotate(0deg)}to{filter:hue-rotate(360deg)}}@keyframes k1{from{filter:hue-rotate(0deg)}to{filter:hue-rotate(360deg)}}@-webkit-keyframes 
296.35-294.33 296.35S0 460 0 296.36 131.78 0 294.34 0s294.33 132.69 294.33 296.36M911.56 296.36c0 154.06-65.89 279-147.17 279s-147.17-124.94-147.17-279 65.88-279 147.16-279 147.17 124.9 147.17 279M1043.63 296.36c0 138-23.17 249.94-51.76 249.94s-51.75-111.91-51.75-249.94 23.17-249.94 51.75-249.94 51.76 111.9 51.76 249.94"></path></g></g></svg></a></div></div></div></div></div></div><article><section class="fb fc fd fe ff fg fh w fi bv s"></section><span class="s"></span><div><div><div class="ef eo fp fq fr fs"></div><section class="dn ft fu di fv"><div class="n p"><div class="aq ar as at au fw aw w"><div class=""><h1 id="afd8" class="fx dl fy bb fz ga gb gc gd ge gf gg gh gi gj gk gl gm gn go gp gq gr gs gt gu gv">A Snyk’s Post-Mortem of the Malicious event-stream npm package backdoor</h1><div class="cx"><div class="n ck gw gx gy"><div class="o n"><div><a rel="noopener follow" href="/?source=post_page-----40be813022bb-----------------------------------"><img alt="Liran Tal" class="s gz ha hb" src="https://miro.medium.com/fit/c/56/56/0*ZMQpe1aeH7IhRziC." 
width="28" height="28"/></a></div><div class="hc w n cu"><div class="n"><div style="flex:1"><span class="bb b bc bd gv"><a class="" rel="noopener follow" href="/?source=post_page-----40be813022bb-----------------------------------"><p class="bb b bc bd be">Liran Tal</p></a></span></div></div><span class="bb b bc bd bz"><a class="" rel="noopener follow" href="/a-snyks-post-mortem-of-the-malicious-event-stream-npm-package-backdoor-40be813022bb?source=post_page-----40be813022bb-----------------------------------"><p class="bb b bc bd bz"><span class="hd"></span><span>Dec 6, 2018</span><span class="he">·</span>7 min read</p></a></span></div></div><div class="n ct hf hg hh hi hj hk hl hm"><div class="n o"><div class="bw" aria-hidden="false" aria-describedby="postFooterSocialMenu" aria-labelledby="postFooterSocialMenu"><div><div class="bw" role="tooltip" aria-hidden="false"><button class="dy dz ca cb cc cd ce cf cg bm ea eb ch ec ed" aria-controls="postFooterSocialMenu" aria-expanded="false" aria-label="Share Post"><svg width="25" height="25" class="r"><g fill-rule="evenodd"><path d="M15.6 5a.42.42 0 0 0 .17-.3.42.42 0 0 0-.12-.33l-2.8-2.79a.5.5 0 0 0-.7 0l-2.8 2.8a.4.4 0 0 0-.1.32c0 .12.07.23.16.3h.02a.45.45 0 0 0 .57-.04l2-2V10c0 .28.23.5.5.5s.5-.22.5-.5V2.93l2.02 2.02c.08.07.18.12.3.13.11.01.21-.02.3-.08v.01"></path><path d="M18 7h-1.5a.5.5 0 0 0 0 1h1.6c.5 0 .9.4.9.9v10.2c0 .5-.4.9-.9.9H6.9a.9.9 0 0 1-.9-.9V8.9c0-.5.4-.9.9-.9h1.6a.5.5 0 0 0 .35-.15A.5.5 0 0 0 9 7.5a.5.5 0 0 0-.15-.35A.5.5 0 0 0 8.5 7H7a2 2 0 0 0-2 2v10c0 1.1.9 2 2 2h11a2 2 0 0 0 2-2V9a2 2 0 0 0-2-2"></path></g></svg></button></div></div></div><div class="hn s"></div></div></div></div></div></div><p id="3705" class="ho hp fy hq b hr hs ht hu hv hw hx hy hz ia ib ic id ie if ig ih dn gv">Last week the <em class="ii">imaginable</em> happened. 
A malicious package, flatmap-stream, was published to npm and was later added as a dependency to the widely used event-stream package by user <code class="ij ik il im in b">right9ctrl</code>. Some time, and 8 million downloads later, applications all over the web were unwittingly running malicious code in production. We wrote some <a class="dy io" href="https://snyk.io/blog/malicious-code-found-in-npm-package-event-stream" rel="noopener ugc nofollow" target="_blank">early thoughts on our blog last week</a>, moments after the incident came to light, but are now able to perform a deeper post-mortem, including a timeline of the events as they took place. Thanks go to many others who also investigated this issue, and in particular GitHub user <code class="ij ik il im in b">maths22</code>, who reverse-engineered the malicious code.</p><h1 id="a0ee" class="ip iq fy bb da ir is hs it iu iv hv iw ix iy iz ja jb jc jd je jf jg jh ji jj gv">What is the event-stream package?</h1><p id="1ba2" class="ho hp fy hq b hr jk hs ht hu jl hv hw hx jm hy hz ia jn ib ic id jo ie if ih dn gv">The event-stream package is a toolkit that provides utilities for creating and managing streams. Authored by Dominic Tarr (<code class="ij ik il im in b">~dominictarr</code> on npmjs), it is one of <a class="dy io" href="https://www.npmjs.com/~dominictarr" rel="noopener ugc nofollow" target="_blank">422 packages</a> he owns on npmjs. 
The event-stream package has a total of 84 releases, dating back to v0.5.2 in 2011, with regular releases up until version 3.3.4, two years ago.</p><p id="7db3" class="ho hp fy hq b hr jp hs ht hu jq hv hw hx jr hy hz ia js ib ic id jt ie if ih dn gv">Throughout event-stream’s development, it received contributions from <a class="dy io" href="https://github.com/dominictarr/event-stream/graphs/contributors" rel="noopener ugc nofollow" target="_blank">33 different contributors</a>, but most of those contributions were delivered in its early days, and it has only reviewed minor changes since then:</p><figure class="jv jw jx jy jz ka fg fh paragraph-image"><div role="button" tabindex="0" class="kb kc ap kd w ke"><div class="fg fh ju"><div class="kj s ap ij"><div class="kk kl s"><div class="ep kf ef es eo ex w kg kh ki"><img alt="" class="ef es eo ex w km kn ko" src="https://miro.medium.com/max/60/0*yO-HNQPj1qz2cgOY.png?q=20" width="700" height="499" role="presentation"/></div><img alt="" class="ep kf ef es eo ex w c" width="700" height="499" role="presentation"/><noscript><img alt="" class="ef es eo ex w" src="https://miro.medium.com/max/1400/0*yO-HNQPj1qz2cgOY.png" width="700" height="499" srcSet="https://miro.medium.com/max/552/0*yO-HNQPj1qz2cgOY.png 276w, https://miro.medium.com/max/1104/0*yO-HNQPj1qz2cgOY.png 552w, https://miro.medium.com/max/1280/0*yO-HNQPj1qz2cgOY.png 640w, https://miro.medium.com/max/1400/0*yO-HNQPj1qz2cgOY.png 700w" sizes="700px" role="presentation"/></noscript></div></div></div></div></figure><p id="500c" class="ho hp fy hq b hr jp hs ht hu jq hv hw hx jr hy hz ia js ib ic id jt ie if ih dn gv">The project had received over 2000 stars, had been forked 139 times, and 62 GitHub users had signed up for notifications on any changes happening in the project. 
The project was used by 3931 other packages (excluding scoped packages).</p><h1 id="f64f" class="ip iq fy bb da ir is hs it iu iv hv iw ix iy iz ja jb jc jd je jf jg jh ji jj gv">The Timeline of Events</h1><p id="f29c" class="ho hp fy hq b hr jk hs ht hu jl hv hw hx jm hy hz ia jn ib ic id jo ie if ih dn gv">Here is a timeline showing some of the major milestones in the project history, and the key moments during the malicious incident. We’ll look into each point on the timeline, and more, in detail below.</p><figure class="jv jw jx jy jz ka fg fh paragraph-image"><div role="button" tabindex="0" class="kb kc ap kd w ke"><div class="fg fh kp"><div class="kj s ap ij"><div class="kq kl s"><div class="ep kf ef es eo ex w kg kh ki"><img alt="" class="ef es eo ex w km kn ko" src="https://miro.medium.com/max/60/0*invkHLtulBJ8BEYx.jpg?q=20" width="700" height="405" role="presentation"/></div><img alt="" class="ep kf ef es eo ex w c" width="700" height="405" role="presentation"/><noscript><img alt="" class="ef es eo ex w" src="https://miro.medium.com/max/1400/0*invkHLtulBJ8BEYx.jpg" width="700" height="405" srcSet="https://miro.medium.com/max/552/0*invkHLtulBJ8BEYx.jpg 276w, https://miro.medium.com/max/1104/0*invkHLtulBJ8BEYx.jpg 552w, https://miro.medium.com/max/1280/0*invkHLtulBJ8BEYx.jpg 640w, https://miro.medium.com/max/1400/0*invkHLtulBJ8BEYx.jpg 700w" sizes="700px" role="presentation"/></noscript></div></div></div></div></figure><h1 id="fd61" class="ip iq fy bb da ir is hs it iu iv hv iw ix iy iz ja jb jc jd je jf jg jh ji jj gv">Chain of Events</h1><p id="5105" class="ho hp fy hq b hr jk hs ht hu jl hv hw hx jm hy hz ia jn ib ic id jo ie if ih dn gv">We’ll take a look at the chain of events which led up to the use of the malicious flatmap-stream package. 
These events were reconstructed from public GitHub information, Google’s cache, and npm.</p><p id="7f96" class="ho hp fy hq b hr jp hs ht hu jq hv hw hx jr hy hz ia js ib ic id jt ie if ih dn gv"><strong class="hq fz">31st July, 2015:</strong> GitHub user <code class="ij ik il im in b">devinus</code> <a class="dy io" href="https://github.com/dominictarr/event-stream/issues/73" rel="noopener ugc nofollow" target="_blank">comments on an issue</a> on the event-stream project asking whether flatmap functionality would be welcomed, to which the package maintainer, <code class="ij ik il im in b">dominictarr</code>, replies positively, stating that a user contribution would be accepted:</p><figure class="jv jw jx jy jz ka fg fh paragraph-image"><div role="button" tabindex="0" class="kb kc ap kd w ke"><div class="fg fh ju"><div class="kj s ap ij"><div class="kr kl s"><div class="ep kf ef es eo ex w kg kh ki"><img alt="" class="ef es eo ex w km kn ko" src="https://miro.medium.com/max/60/0*hrLmJn1ag3_kk4MT.png?q=20" width="700" height="357" role="presentation"/></div><img alt="GitHub issue comment in which dominictarr says a flatmap contribution would be accepted" class="ep kf ef es eo ex w c" width="700" height="357"/><noscript><img alt="GitHub issue comment in which dominictarr says a flatmap contribution would be accepted" class="ef es eo ex w" src="https://miro.medium.com/max/1400/0*hrLmJn1ag3_kk4MT.png" width="700" height="357" srcSet="https://miro.medium.com/max/552/0*hrLmJn1ag3_kk4MT.png 276w, https://miro.medium.com/max/1104/0*hrLmJn1ag3_kk4MT.png 552w, https://miro.medium.com/max/1280/0*hrLmJn1ag3_kk4MT.png 640w, https://miro.medium.com/max/1400/0*hrLmJn1ag3_kk4MT.png 700w" sizes="700px"/></noscript></div></div></div></div></figure><p id="ff1e" class="ho hp fy hq b hr jp hs ht hu jq hv hw hx jr hy hz ia js ib ic id jt ie if ih dn gv">We can only speculate, but the user later found to be malicious, <code class="ij ik il im in b">right9ctrl</code>, may well have used this public exchange to plan an elaborate social-engineering approach to the project: offering exactly the feature the maintainer had already said he would accept.</p><p id="8c4a" class="ho hp fy hq b hr jp hs ht hu jq hv hw hx jr hy hz ia js ib ic id jt ie if ih dn gv"><strong class="hq fz">August 5, 2018:</strong> a user who identified as <em class="ii">“Antonio Macias”</em> on npm created and published a non-malicious package called flatmap-stream.</p><p id="5106" class="ho hp fy hq b hr jp hs ht hu jq hv hw hx jr hy hz ia js ib ic id jt ie if ih dn gv">Next, Antonio Macias proposed that the event-stream project use the flatmap-stream package. GitHub user <code class="ij ik il im in b">right9ctrl</code> approached Dominic Tarr offering to help with the project and to make the changes needed to introduce the flatmap functionality by pulling in the flatmap-stream dependency. Dominic accepted <code class="ij ik il im in b">right9ctrl</code>&#x27;s offer, made them a contributor to the event-stream GitHub project, and also gave <code class="ij ik il im in b">right9ctrl</code> full publishing rights for the module on npm. The npm publishing right is the critical one: it allowed <code class="ij ik il im in b">right9ctrl</code> to ship new event-stream releases directly to every consumer with a matching version range, independently of what was visible in the GitHub repository. Dominic later confirmed, during the incident investigation, that he no longer had any publishing rights for the module on npm and so could not remedy the incident himself (i.e. 
by unpublishing the infected 3.3.6 version from npm).</p><p id="7e8c" class="ho hp fy hq b hr jp hs ht hu jq hv hw hx jr hy hz ia js ib ic id jt ie if ih dn gv">Soon after, a series of innocuous-looking commits were pushed by <code class="ij ik il im in b">right9ctrl</code> to the event-stream GitHub repository:</p><p id="b1c0" class="ho hp fy hq b hr jp hs ht hu jq hv hw hx jr hy hz ia js ib ic id jt ie if ih dn gv"><strong class="hq fz">September 16, 2018:</strong> flatmap-stream was removed from the event-stream code in <a class="dy io" href="https://github.com/dominictarr/event-stream/commit/908fee5c65d4eb02809a84a1ebc3e5df1f935cd1" rel="noopener ugc nofollow" target="_blank">908</a> and from the dependency tree in <a class="dy io" href="https://github.com/dominictarr/event-stream/commit/2bd63d58fe24367372690c29c7249ed1c7145601" rel="noopener ugc nofollow" target="_blank">2bd</a>, and the change was released as a new major version, 4.0.0. Because this was a major bump, consumers whose version ranges were pinned to the 3.x line kept resolving to 3.3.6, which still depended on flatmap-stream, so the removal from the current codebase likely did little to reduce the exposure of existing users.</p><p id="b293" class="ho hp fy hq b hr jp hs ht hu jq hv hw hx jr hy hz ia js ib ic id jt ie if ih dn gv"><strong class="hq fz">September 20, 2018:</strong> <code class="ij ik il im in b">right9ctrl</code> adds further cosmetic changes that expand the project&#x27;s keywords in <a class="dy io" href="https://github.com/dominictarr/event-stream/commit/60d0aa3def10c09ead68ee43804f244ffbd3b9c9" rel="noopener ugc nofollow" target="_blank">60d</a>, presumably to improve its ranking in search results on the official npmjs.com registry website.</p><p id="e708" class="ho hp fy hq b hr jp hs ht hu jq hv hw hx jr hy hz ia js ib ic id jt ie if ih dn gv"><strong class="hq fz">October 5, 2018:</strong> a new release, flatmap-stream@0.1.1 (a patch-level bump, which caret version ranges pick up automatically), was published with the malicious injection hidden in its minified source code. 
From this point on, installing event-stream also fetches the infected 0.1.1 version of flatmap-stream as a transitive dependency — no change to event-stream itself was required.</p><p id="80b3" class="ho hp fy hq b hr jp hs ht hu jq hv hw hx jr hy hz ia js ib ic id jt ie if ih dn gv">There is no evidence of any further work on the event-stream project by the <code class="ij ik il im in b">right9ctrl</code> user, whose profile has since been removed from both GitHub and npm, although it can still be <a class="dy io" href="https://webcache.googleusercontent.com/search?q=cache:Lyox1SZ96zAJ:https://github.com/right9ctrl+&amp;cd=1&amp;hl=en&amp;ct=clnk&amp;gl=il" rel="noopener ugc nofollow" target="_blank">accessed via Google’s cache</a> for inspection:</p><figure class="jv jw jx jy jz ka fg fh paragraph-image"><div role="button" tabindex="0" class="kb kc ap kd w ke"><div class="fg fh ju"><div class="kj s ap ij"><div class="ks kl s"><div class="ep kf ef es eo ex w kg kh ki"><img alt="" class="ef es eo ex w km kn ko" src="https://miro.medium.com/max/60/0*HvJWdPWRuzsb7t7h.png?q=20" width="700" height="409" role="presentation"/></div><img alt="Google-cached copy of the right9ctrl GitHub profile" class="ep kf ef es eo ex w c" width="700" height="409"/><noscript><img alt="Google-cached copy of the right9ctrl GitHub profile" class="ef es eo ex w" src="https://miro.medium.com/max/1400/0*HvJWdPWRuzsb7t7h.png" width="700" height="409" srcSet="https://miro.medium.com/max/552/0*HvJWdPWRuzsb7t7h.png 276w, https://miro.medium.com/max/1104/0*HvJWdPWRuzsb7t7h.png 552w, https://miro.medium.com/max/1280/0*HvJWdPWRuzsb7t7h.png 640w, https://miro.medium.com/max/1400/0*HvJWdPWRuzsb7t7h.png 700w" sizes="700px"/></noscript></div></div></div></div></figure><p id="a870" class="ho hp fy hq b hr jp hs ht hu jq hv hw hx jr hy hz ia js ib ic id jt ie if ih dn gv"><strong class="hq fz">October 29, 2018:</strong> <code class="ij ik il im in b">jaydenseric</code> opened an <a class="dy io" href="https://github.com/remy/nodemon/issues/1442" rel="noopener ugc nofollow" target="_blank">issue against nodemon</a> reporting an unexpected deprecation warning. The warning reflects Node.js and OpenSSL guidance to stop relying on <code class="ij ik il im in b">EVP_BytesToKey</code> for key derivation: developers are instead advised to derive the key and IV themselves, for example with <code class="ij ik il im in b"><a class="dy io" href="https://docs.google.com/document/d/19g1krCBUjjPyz7mkKT-xNoJXIG_PQYcZCm0HfcH8DnM/edit" rel="noopener ugc nofollow" target="_blank">crypto.scrypt()</a></code>, and to use <code class="ij ik il im in b"><a class="dy io" href="https://docs.google.com/document/d/19g1krCBUjjPyz7mkKT-xNoJXIG_PQYcZCm0HfcH8DnM/edit" rel="noopener ugc nofollow" target="_blank">crypto.createDecipheriv()</a></code> to create the Decipher object. It is worth noting that this warning — apparently triggered by the payload’s use of a deprecated decryption API — was the only visible symptom on the many hosts where the payload did not match its intended target.</p><figure class="jv jw jx jy jz ka fg fh paragraph-image"><div role="button" tabindex="0" class="kb kc ap kd w ke"><div class="fg fh ju"><div class="kj s ap ij"><div class="kt kl s"><div class="ep kf ef es eo ex w kg kh ki"><img alt="" class="ef es eo ex w km kn ko" src="https://miro.medium.com/max/60/0*EqTRck-pZLeebpKv.png?q=20" width="700" height="457" role="presentation"/></div><img alt="nodemon issue reporting the unexpected deprecation warning" class="ep kf ef es eo ex w c" width="700" height="457"/><noscript><img alt="nodemon issue reporting the unexpected deprecation warning" class="ef es eo ex w" src="https://miro.medium.com/max/1400/0*EqTRck-pZLeebpKv.png" width="700" height="457" srcSet="https://miro.medium.com/max/552/0*EqTRck-pZLeebpKv.png 276w, https://miro.medium.com/max/1104/0*EqTRck-pZLeebpKv.png 552w, https://miro.medium.com/max/1280/0*EqTRck-pZLeebpKv.png 640w, https://miro.medium.com/max/1400/0*EqTRck-pZLeebpKv.png 700w" sizes="700px"/></noscript></div></div></div></div></figure><p id="cdf6" class="ho hp fy hq b hr jp hs ht hu jq hv hw hx jr hy hz ia js ib ic id jt ie if ih dn gv"><strong class="hq fz">November 19, 2018:</strong> <code class="ij ik il im in b">NewEraCracker</code> opened an issue <a class="dy io" href="https://github.com/remy/nodemon/issues/1451" rel="noopener ugc nofollow" target="_blank">against event-stream</a> (note that the linked thread is in the nodemon issue tracker).</p><figure class="jv jw jx jy jz ka fg fh paragraph-image"><div role="button" tabindex="0" class="kb kc ap kd w ke"><div class="fg fh ju"><div class="kj s ap ij"><div class="ku kl s"><div class="ep kf ef es eo ex w kg kh ki"><img alt="" class="ef es eo ex w km kn ko" src="https://miro.medium.com/max/60/0*zfRMohqvUW-SCVXJ.png?q=20" width="700" height="293" role="presentation"/></div><img alt="Issue opened by NewEraCracker on November 19, 2018" class="ep kf ef es eo ex w c" width="700" height="293"/><noscript><img alt="Issue opened by NewEraCracker on November 19, 2018" class="ef es eo ex w" src="https://miro.medium.com/max/1400/0*zfRMohqvUW-SCVXJ.png" width="700" height="293" srcSet="https://miro.medium.com/max/552/0*zfRMohqvUW-SCVXJ.png 276w, https://miro.medium.com/max/1104/0*zfRMohqvUW-SCVXJ.png 552w, https://miro.medium.com/max/1280/0*zfRMohqvUW-SCVXJ.png 640w, https://miro.medium.com/max/1400/0*zfRMohqvUW-SCVXJ.png 700w" sizes="700px"/></noscript></div></div></div></div></figure><p id="25fd" class="ho hp fy hq b hr jp hs ht hu jq hv hw hx jr hy hz ia js ib ic id jt ie if ih dn gv"><strong class="hq fz">November 19, 2018:</strong> <code class="ij ik il im in b">NewEraCracker</code> opened an issue <a class="dy io" href="https://github.com/remy/nodemon/issues/1451" rel="noopener ugc nofollow" target="_blank">against nodemon.</a></p><figure class="jv jw jx jy jz ka fg fh paragraph-image"><div role="button" tabindex="0" class="kb kc ap kd w ke"><div class="fg fh ju"><div class="kj s ap ij"><div class="kv kl s"><div class="ep kf ef es eo ex w kg kh ki"><img alt="" class="ef es eo ex w km kn ko" src="https://miro.medium.com/max/60/0*e1aKbPTeC3j6FXf0.png?q=20" width="700" height="381" role="presentation"/></div><img alt="nodemon issue opened by NewEraCracker" class="ep kf ef es eo ex w c" width="700" height="381"/><noscript><img alt="nodemon issue opened by NewEraCracker" class="ef es eo ex w" src="https://miro.medium.com/max/1400/0*e1aKbPTeC3j6FXf0.png" width="700" height="381" srcSet="https://miro.medium.com/max/552/0*e1aKbPTeC3j6FXf0.png 276w, https://miro.medium.com/max/1104/0*e1aKbPTeC3j6FXf0.png 552w, https://miro.medium.com/max/1280/0*e1aKbPTeC3j6FXf0.png 640w, https://miro.medium.com/max/1400/0*e1aKbPTeC3j6FXf0.png 700w" sizes="700px"/></noscript></div></div></div></div></figure><p id="2a17" class="ho hp fy hq b hr jp hs ht hu jq hv hw hx jr hy hz ia js ib ic id jt ie if ih dn gv"><strong class="hq fz">November 20, 2018:</strong> <code class="ij ik il im in b">FallingSnow</code> <a class="dy io" href="https://github.com/remy/nodemon/issues/1442#issuecomment-440435714" rel="noopener ugc nofollow" target="_blank">suspects it&#x27;s an injection attack.</a></p><p id="f391" class="ho hp fy hq b hr jp hs ht hu jq hv hw hx jr hy hz ia js ib ic id jt ie if ih dn gv"><strong class="hq fz">November 20, 2018:</strong> <code class="ij ik il im in b">FallingSnow</code> opens the <a class="dy io" href="https://github.com/dominictarr/event-stream/issues/116" rel="noopener ugc nofollow" target="_blank">issue against event-stream.</a></p><p id="a421" class="ho hp fy hq b hr jp hs ht hu jq hv hw hx jr hy hz ia js ib ic id jt ie if ih dn gv"><strong class="hq fz">November 26, 2018:</strong> the flatmap-stream package was removed from npm.</p><p id="8cc0" class="ho hp fy hq b hr jp hs ht hu jq hv hw hx jr hy hz ia js ib ic id jt ie if ih dn gv"><strong class="hq fz">November 27, 2018:</strong> Snyk published a <a class="dy io" href="https://snyk.io/blog/malicious-code-found-in-npm-package-event-stream" rel="noopener ugc nofollow" target="_blank">blog post</a> on the issue.</p><h1 id="41c8" class="ip iq fy bb da ir is hs it iu iv hv iw ix iy iz ja jb jc jd je jf jg jh ji jj gv">The Target: Copay</h1><p id="ad2d" class="ho hp fy hq b hr jk hs ht hu jl hv hw hx jm hy hz ia jn ib ic id jo ie if ih dn gv">Upon a more detailed inspection of the 
flatmap-stream code, we can see that this was a surgically targeted attack on <a class="dy io" href="https://copay.io/" rel="noopener ugc nofollow" target="_blank">Copay</a>, a bitcoin wallet application.</p><p id="3e5a" class="ho hp fy hq b hr jp hs ht hu jq hv hw hx jr hy hz ia js ib ic id jt ie if ih dn gv">The malicious flatmap-stream code was downloaded millions of times, and executed many millions more. The attackers could have done countless evil things with that reach. Instead, their strategy was to lie dormant and wait for the one opportunity that mattered: being executed while the Copay app was being built. They succeeded, and the payload was built into Copay versions 5.0.2 to 5.1.0.</p><p id="e638" class="ho hp fy hq b hr jp hs ht hu jq hv hw hx jr hy hz ia js ib ic id jt ie if ih dn gv">The decryption code looked for its key in an environment variable named npm_package_description, which npm populates from the description field of the root package’s package.json. The payload therefore only decrypted correctly when the root package being built was the Copay bitcoin wallet, whose description, “A Secure Bitcoin Wallet”, served as the key. Keying the payload on a value that only the intended victim’s build environment supplies is what let it pass unnoticed everywhere else: anyone inspecting the package on another machine saw only an encrypted blob they could not decrypt. The key was found by <code class="ij ik il im in b">maths22</code>, who brute-forced the payload with the descriptions of various npm packages.</p><p id="90c7" class="ho hp fy hq b hr jp hs ht hu jq hv hw hx jr hy hz ia js ib ic id jt ie if ih dn gv">To work this out, the user <code class="ij ik il im in b">maths22</code> <a class="dy io" href="https://github.com/dominictarr/event-stream/issues/116#issuecomment-441745006" rel="noopener ugc nofollow" target="_blank">enumerated different npm package descriptions</a>, using each as a key, until the payload decrypted. 
However, the description key was not the only gate: the second payload would only execute when <a class="dy io" href="https://github.com/bitpay/copay/blob/master/package.json#L70-L72" rel="noopener ugc nofollow" target="_blank">specific build commands</a> were run, essentially only while the iOS, Android, or desktop applications were being built.</p><p id="60ac" class="ho hp fy hq b hr jp hs ht hu jq hv hw hx jr hy hz ia js ib ic id jt ie if ih dn gv">The <a class="dy io" href="https://gist.github.com/jsoverson/3df528d4f0be857fe03c32dafc56a486#file-payload-c-js" rel="noopener ugc nofollow" target="_blank">third and final payload</a> is JavaScript code that is injected into another dependency, namely <code class="ij ik il im in b">./node_modules/@zxing/library/esm5/core/common/reedsolomon/ReedSolomonDecoder.js</code>. Unlike the first two payloads, which ran at build time, this code shipped inside the built application and executed within the wallet app itself.</p><p id="8a9f" class="ho hp fy hq b hr jp hs ht hu jq hv hw hx jr hy hz ia js ib ic id jt ie if ih dn gv">The malicious code harvested the wallet’s funds along with its private keys if the wallet balance was above 100 BTC or 1000 BCH (Bitcoin Cash). Copay issued the following advice to their users:</p><blockquote class="kw kx ky"><p id="c915" class="ho hp ii hq b hr jp hs ht hu jq hv hw hx jr hy hz ia js ib ic id jt ie if ih dn gv"><em class="fy">Users should not attempt to move funds to new wallets by importing affected wallets’ twelve word backup phrases (which correspond to potentially compromised private keys). 
Users should first update their affected wallets (5.0.2–5.1.0) and then send all funds from affected wallets to a brand new wallet on version 5.2.0, using the Send Max feature to initiate transactions of all funds.</em></p></blockquote><p id="3b0b" class="ho hp fy hq b hr jp hs ht hu jq hv hw hx jr hy hz ia js ib ic id jt ie if ih dn gv">They further suggested that users “should assume” their private keys may have been compromised, and react by “immediately” moving any holdings to new v5.2.0 wallets. Note the order of operations in that advice: importing an existing backup phrase into a new wallet would simply carry the potentially compromised keys across, which is why users are told to update first and then transfer funds to a freshly generated wallet.</p><p id="2bb1" class="ho hp fy hq b hr jp hs ht hu jq hv hw hx jr hy hz ia js ib ic id jt ie if ih dn gv">From this post-mortem of the events and the attack, we can see that this was a well-planned and well-executed attack, performed by professionals, and one that likely took months of preparation.</p><h1 id="50b9" class="ip iq fy bb da ir is hs it iu iv hv iw ix iy iz ja jb jc jd je jf jg jh ji jj gv">Conclusion</h1><p id="a4ec" class="ho hp fy hq b hr jk hs ht hu jl hv hw hx jm hy hz ia jn ib ic id jo ie if ih dn gv">The series of events described in this post is another reminder of how fragile the open-source model can be when it is not respected. If widely used packages such as event-stream were supported by even a small proportion of those who consume them and take value from them, this malicious takeover could easily have been avoided. The event-stream package was a dependency all over the npm ecosystem, being used by at least <a class="dy io" href="https://github.com/dominictarr/event-stream/files/2616706/flatmap-deps-list.txt" rel="noopener ugc nofollow" target="_blank">3931</a> packages. 
Most notably, it affected top-level packages such as @vue/cli-ui, vscode, nodemon, and ps-tree.</p><p id="1784" class="ho hp fy hq b hr jp hs ht hu jq hv hw hx jr hy hz ia js ib ic id jt ie if ih dn gv">The malicious package might well have remained unnoticed if not for the deprecation message that prompted Jayden Seric to open an issue on the nodemon package; otherwise it would likely have gone undetected for a long time. It is worth underlining that the detection signal was an incidental API deprecation warning, not anything that looked like malicious behaviour.</p><p id="0898" class="ho hp fy hq b hr jp hs ht hu jq hv hw hx jr hy hz ia js ib ic id jt ie if ih dn gv">Snyk are big advocates for responsible disclosure, practise security research as part of their security culture, and have a history of collaboration with open source project maintainers.</p><p id="ee1e" class="ho hp fy hq b hr jp hs ht hu jq hv hw hx jr hy hz ia js ib ic id jt ie if ih dn gv">If you discover a vulnerability that you would like to responsibly disclose, Snyk would love to help — send us a <a class="dy io" href="https://snyk.io/vulnerability-disclosure" rel="noopener ugc nofollow" target="_blank">responsible disclosure form</a>.</p></div></div></section><div class="n p cx kz la lb" role="separator"><span class="lc gz bw ld le lf"></span><span class="lc gz bw ld le lf"></span><span class="lc gz bw ld le"></span></div><section class="dn ft fu di fv"><div class="n p"><div class="aq ar as at au fw aw w"><p id="90ac" class="ho hp fy hq b hr jp hs ht hu jq hv hw hx jr hy hz ia js ib ic id jt ie if ih dn gv"><em class="ii">Originally published at </em><a class="dy io" href="https://snyk.io/blog/a-post-mortem-of-the-malicious-event-stream-backdoor/" rel="noopener ugc nofollow" target="_blank"><em class="ii">https://snyk.io</em></a><em class="ii"> on December 6, 2018.</em></p></div></div></section></div></div></article>
follow">Edo Scalafiotti</a><span> <!-- -->in<!-- --> <a class="dy dz ca cb cc cd ce cf cg bm sb ch ec ed" href="https://medium.com/techfare?source=post_internal_links---------0-------------------------------" rel="noopener follow">Techfare</a></span></span></div></span></div></div></div></div></div><div class="ee of s sc sd"><a class="dy dz ca cb cc cd ce cf cg bm ea eb ch ec ed s" href="https://medium.com/techfare/on-data-strategy-or-what-organisations-must-do-to-win-in-the-digital-economy-231ced02d9?source=post_internal_links---------0-------------------------------" rel="noopener follow"><div class="kj s ap ij"><div class="se kl s"><div class="ep kf ef es eo ex w kg kh ki"><img class="ef es eo ex w km kn ko" src="https://miro.medium.com/max/60/1*OhJvFbB6stdz82QiCRfEcg.jpeg?q=20" width="70" height="70" role="presentation"/></div><img class="ep kf sf sg sh si sj sk sl sm sn so c" width="70" height="70" role="presentation"/><noscript><img class="sf sg sh si sj sk sl sm sn so" src="https://miro.medium.com/fit/c/140/140/1*OhJvFbB6stdz82QiCRfEcg.jpeg" width="70" height="70" srcSet="https://miro.medium.com/fit/c/96/140/1*OhJvFbB6stdz82QiCRfEcg.jpeg 48w, https://miro.medium.com/fit/c/140/140/1*OhJvFbB6stdz82QiCRfEcg.jpeg 70w" sizes="70px" role="presentation"/></noscript></div></div></a></div></div></div></div></div><div class="qu qv qw qx qy qz ra rb rc rd re rf rg rh ri rj rk rl rm rn ro"><div class="rp rq s"><div class="w ex"><div class="n ck"><div class="s rr nd nf rs"><div class="rt s"><h2 class="bb da oo op it or os iw ru rv ja rw rx je ry rz ji gv"><a href="https://medium.com/cybrq-blog/lets-rethink-false-positives-fc10f0b4fdd8?source=post_internal_links---------1-------------------------------" rel="noopener follow">Let’s Rethink False Positives</a></h2></div><div class="o n"><div></div><div class="w s"><div class="n"><div style="flex:1"><span class="bb b bc bd gv"><div class="cr n o sa"><span class="bb b oh bd gv"><a class="dy dz ca cb cc cd ce cf cg bm sb ch ec 
ed" href="https://medium.com/@cybrqstaff?source=post_internal_links---------1-------------------------------" rel="noopener follow">CybrQ Staff</a><span> <!-- -->in<!-- --> <a class="dy dz ca cb cc cd ce cf cg bm sb ch ec ed" href="https://medium.com/cybrq-blog?source=post_internal_links---------1-------------------------------" rel="noopener follow">CybrQ Blog</a></span></span></div></span></div></div></div></div></div><div class="ee of s sc sd"><a class="dy dz ca cb cc cd ce cf cg bm ea eb ch ec ed s" href="https://medium.com/cybrq-blog/lets-rethink-false-positives-fc10f0b4fdd8?source=post_internal_links---------1-------------------------------" rel="noopener follow"><div class="kj s ap ij"><div class="se kl s"><div class="ep kf ef es eo ex w kg kh ki"><img class="ef es eo ex w km kn ko" src="https://miro.medium.com/max/60/1*_4N68uBxjHbuXqZKftyV-w.jpeg?q=20" width="70" height="70" role="presentation"/></div><img class="ep kf sf sg sh si sj sk sl sm sn so c" width="70" height="70" role="presentation"/><noscript><img class="sf sg sh si sj sk sl sm sn so" src="https://miro.medium.com/fit/c/140/140/1*_4N68uBxjHbuXqZKftyV-w.jpeg" width="70" height="70" srcSet="https://miro.medium.com/fit/c/96/140/1*_4N68uBxjHbuXqZKftyV-w.jpeg 48w, https://miro.medium.com/fit/c/140/140/1*_4N68uBxjHbuXqZKftyV-w.jpeg 70w" sizes="70px" role="presentation"/></noscript></div></div></a></div></div></div></div></div><div class="qu qv qw qx qy qz ra rb rc rd re rf rg rh ri rj rk rl rm rn ro"><div class="rp rq s"><div class="w ex"><div class="n ck"><div class="s rr nd nf rs"><div class="rt s"><h2 class="bb da oo op it or os iw ru rv ja rw rx je ry rz ji gv"><a href="https://dexcorefinance.medium.com/airdrop-announcement-ffc470bbcc7?source=post_internal_links---------2-------------------------------" rel="noopener follow">AIRDROP ANNOUNCEMENT</a></h2></div><div class="o n"><div></div><div class="w s"><div class="n"><div style="flex:1"><span class="bb b bc bd gv"><div class="cr n o sa"><span 
class="bb b oh bd gv"><a class="dy dz ca cb cc cd ce cf cg bm sb ch ec ed" href="https://dexcorefinance.medium.com/?source=post_internal_links---------2-------------------------------" rel="noopener follow">Dexcorefinance</a></span></div></span></div></div></div></div></div><div class="ee of s sc sd"><a class="dy dz ca cb cc cd ce cf cg bm ea eb ch ec ed s" href="https://dexcorefinance.medium.com/airdrop-announcement-ffc470bbcc7?source=post_internal_links---------2-------------------------------" rel="noopener follow"><div class="kj s ap ij"><div class="se kl s"><div class="ep kf ef es eo ex w kg kh ki"><img class="ef es eo ex w km kn ko" src="https://miro.medium.com/max/60/1*zSKF8cUniXgdRPaNnU8Dmw.png?q=20" width="70" height="70" role="presentation"/></div><img class="ep kf sf sg sh si sj sk sl sm sn so c" width="70" height="70" role="presentation"/><noscript><img class="sf sg sh si sj sk sl sm sn so" src="https://miro.medium.com/fit/c/140/140/1*zSKF8cUniXgdRPaNnU8Dmw.png" width="70" height="70" srcSet="https://miro.medium.com/fit/c/96/140/1*zSKF8cUniXgdRPaNnU8Dmw.png 48w, https://miro.medium.com/fit/c/140/140/1*zSKF8cUniXgdRPaNnU8Dmw.png 70w" sizes="70px" role="presentation"/></noscript></div></div></a></div></div></div></div></div><div class="qu qv qw qx qy qz ra rb rc rd re rf rg rh ri rj rk rl rm rn ro"><div class="rp rq s"><div class="w ex"><div class="n ck"><div class="s rr nd nf rs"><div class="rt s"><h2 class="bb da oo op it or os iw ru rv ja rw rx je ry rz ji gv"><a href="https://heroistic1966.medium.com/update-4-images-1-mot-francais-hack-free-resources-generator-775c2faf8fa?source=post_internal_links---------3-------------------------------" rel="noopener follow">{UPDATE} 4 Images 1 Mot Francais Hack Free Resources Generator</a></h2></div><div class="o n"><div></div><div class="w s"><div class="n"><div style="flex:1"><span class="bb b bc bd gv"><div class="cr n o sa"><span class="bb b oh bd gv"><a class="dy dz ca cb cc cd ce cf cg bm sb ch ec ed" 
href="https://heroistic1966.medium.com/?source=post_internal_links---------3-------------------------------" rel="noopener follow">Amelina Dagmar</a></span></div></span></div></div></div></div></div><div class="ee of s sc sd"><a class="dy dz ca cb cc cd ce cf cg bm ea eb ch ec ed s" href="https://heroistic1966.medium.com/update-4-images-1-mot-francais-hack-free-resources-generator-775c2faf8fa?source=post_internal_links---------3-------------------------------" rel="noopener follow"><div class="kj s ap ij"><div class="se kl s"><div class="ep kf ef es eo ex w kg kh ki"><img class="ef es eo ex w km kn ko" src="https://miro.medium.com/max/60/1*hn4v1tCaJy7cWMyb0bpNpQ.png?q=20" width="70" height="70" role="presentation"/></div><img class="ep kf sf sg sh si sj sk sl sm sn so c" width="70" height="70" role="presentation"/><noscript><img class="sf sg sh si sj sk sl sm sn so" src="https://miro.medium.com/fit/c/140/140/1*hn4v1tCaJy7cWMyb0bpNpQ.png" width="70" height="70" srcSet="https://miro.medium.com/fit/c/96/140/1*hn4v1tCaJy7cWMyb0bpNpQ.png 48w, https://miro.medium.com/fit/c/140/140/1*hn4v1tCaJy7cWMyb0bpNpQ.png 70w" sizes="70px" role="presentation"/></noscript></div></div></a></div></div></div></div></div><div class="qu qv qw qx qy qz ra rb rc rd re rf rg rh ri rj rk rl rm rn ro"><div class="rp rq s"><div class="w ex"><div class="n ck"><div class="s rr nd nf rs"><div class="rt s"><h2 class="bb da oo op it or os iw ru rv ja rw rx je ry rz ji gv"><a href="https://capgtuavesober.medium.com/crypto-random-osrng-winrandom-eb3ab8c7aa34?source=post_internal_links---------4-------------------------------" rel="noopener follow">Crypto Random Osrng Winrandom</a></h2></div><div class="o n"><div></div><div class="w s"><div class="n"><div style="flex:1"><span class="bb b bc bd gv"><div class="cr n o sa"><span class="bb b oh bd gv"><a class="dy dz ca cb cc cd ce cf cg bm sb ch ec ed" 
href="https://capgtuavesober.medium.com/?source=post_internal_links---------4-------------------------------" rel="noopener follow">Vicki</a></span></div></span></div></div></div></div></div><div class="ee of s sc sd"><a class="dy dz ca cb cc cd ce cf cg bm ea eb ch ec ed s" href="https://capgtuavesober.medium.com/crypto-random-osrng-winrandom-eb3ab8c7aa34?source=post_internal_links---------4-------------------------------" rel="noopener follow"><div class="kj s ap ij"><div class="se kl s"><div class="ep kf ef es eo ex w kg kh ki"><img class="ef es eo ex w km kn ko" src="https://miro.medium.com/max/60/1*hn4v1tCaJy7cWMyb0bpNpQ.png?q=20" width="70" height="70" role="presentation"/></div><img class="ep kf sf sg sh si sj sk sl sm sn so c" width="70" height="70" role="presentation"/><noscript><img class="sf sg sh si sj sk sl sm sn so" src="https://miro.medium.com/fit/c/140/140/1*hn4v1tCaJy7cWMyb0bpNpQ.png" width="70" height="70" srcSet="https://miro.medium.com/fit/c/96/140/1*hn4v1tCaJy7cWMyb0bpNpQ.png 48w, https://miro.medium.com/fit/c/140/140/1*hn4v1tCaJy7cWMyb0bpNpQ.png 70w" sizes="70px" role="presentation"/></noscript></div></div></a></div></div></div></div></div><div class="qu qv qw qx qy qz ra rb rc rd re rf rg rh ri rj rk rl rm rn ro"><div class="rp rq s"><div class="w ex"><div class="n ck"><div class="s rr nd nf rs"><div class="rt s"><h2 class="bb da oo op it or os iw ru rv ja rw rx je ry rz ji gv"><a href="https://medium.com/@aoora.official.01/weeklyroadmap-hi-all-f251c223eefa?source=post_internal_links---------5-------------------------------" rel="noopener follow">#weeklyRoadMap
Hi all!</a></h2></div><div class="o n"><div></div><div class="w s"><div class="n"><div style="flex:1"><span class="bb b bc bd gv"><div class="cr n o sa"><span class="bb b oh bd gv"><a class="dy dz ca cb cc cd ce cf cg bm sb ch ec ed" href="https://medium.com/@aoora.official.01?source=post_internal_links---------5-------------------------------" rel="noopener follow">Aoora.co</a></span></div></span></div></div></div></div></div><div class="ee of s sc sd"><a class="dy dz ca cb cc cd ce cf cg bm ea eb ch ec ed s" href="https://medium.com/@aoora.official.01/weeklyroadmap-hi-all-f251c223eefa?source=post_internal_links---------5-------------------------------" rel="noopener follow"><div class="kj s ap ij"><div class="se kl s"><div class="ep kf ef es eo ex w kg kh ki"><img class="ef es eo ex w km kn ko" src="https://miro.medium.com/max/60/1*zM7zjSmMTC6uoUN2PZZZlQ.jpeg?q=20" width="70" height="70" role="presentation"/></div><img class="ep kf sf sg sh si sj sk sl sm sn so c" width="70" height="70" role="presentation"/><noscript><img class="sf sg sh si sj sk sl sm sn so" src="https://miro.medium.com/fit/c/140/140/1*zM7zjSmMTC6uoUN2PZZZlQ.jpeg" width="70" height="70" srcSet="https://miro.medium.com/fit/c/96/140/1*zM7zjSmMTC6uoUN2PZZZlQ.jpeg 48w, https://miro.medium.com/fit/c/140/140/1*zM7zjSmMTC6uoUN2PZZZlQ.jpeg 70w" sizes="70px" role="presentation"/></noscript></div></div></a></div></div></div></div></div><div class="qu qv qw qx qy qz ra rb rc rd re rf rg rh ri rj rk rl rm rn ro"><div class="rp rq s"><div class="w ex"><div class="n ck"><div class="s rr nd nf rs"><div class="rt s"><h2 class="bb da oo op it or os iw ru rv ja rw rx je ry rz ji gv"><a href="https://doke1977.medium.com/update-%D9%87%D8%AC%D9%88%D9%84%D8%A9-%D9%81%D9%8A-%D8%A7%D9%84%D8%B5%D8%AD%D8%B1%D8%A7%D8%A1-hack-free-resources-generator-f897b5a5c962?source=post_internal_links---------6-------------------------------" rel="noopener follow">{UPDATE} هجولة في الصحراء Hack Free Resources 
Generator</a></h2></div><div class="o n"><div></div><div class="w s"><div class="n"><div style="flex:1"><span class="bb b bc bd gv"><div class="cr n o sa"><span class="bb b oh bd gv"><a class="dy dz ca cb cc cd ce cf cg bm sb ch ec ed" href="https://doke1977.medium.com/?source=post_internal_links---------6-------------------------------" rel="noopener follow">Juana Hettie</a></span></div></span></div></div></div></div></div><div class="ee of s sc sd"><a class="dy dz ca cb cc cd ce cf cg bm ea eb ch ec ed s" href="https://doke1977.medium.com/update-%D9%87%D8%AC%D9%88%D9%84%D8%A9-%D9%81%D9%8A-%D8%A7%D9%84%D8%B5%D8%AD%D8%B1%D8%A7%D8%A1-hack-free-resources-generator-f897b5a5c962?source=post_internal_links---------6-------------------------------" rel="noopener follow"><div class="kj s ap ij"><div class="se kl s"><div class="ep kf ef es eo ex w kg kh ki"><img class="ef es eo ex w km kn ko" src="https://miro.medium.com/max/60/1*hn4v1tCaJy7cWMyb0bpNpQ.png?q=20" width="70" height="70" role="presentation"/></div><img class="ep kf sf sg sh si sj sk sl sm sn so c" width="70" height="70" role="presentation"/><noscript><img class="sf sg sh si sj sk sl sm sn so" src="https://miro.medium.com/fit/c/140/140/1*hn4v1tCaJy7cWMyb0bpNpQ.png" width="70" height="70" srcSet="https://miro.medium.com/fit/c/96/140/1*hn4v1tCaJy7cWMyb0bpNpQ.png 48w, https://miro.medium.com/fit/c/140/140/1*hn4v1tCaJy7cWMyb0bpNpQ.png 70w" sizes="70px" role="presentation"/></noscript></div></div></a></div></div></div></div></div><div class="qu qv qw qx qy qz ra rb rc rd re rf rg rh ri rj rk rl rm rn ro"><div class="rp rq s"><div class="w ex"><div class="n ck"><div class="s rr nd nf rs"><div class="rt s"><h2 class="bb da oo op it or os iw ru rv ja rw rx je ry rz ji gv"><a href="https://mail-28996.medium.com/risk-management-just-another-buzzword-3262d71156ee?source=post_internal_links---------7-------------------------------" rel="noopener follow">Risk Management — Just another Buzzword?</a></h2></div><div class="o 
n"><div></div><div class="w s"><div class="n"><div style="flex:1"><span class="bb b bc bd gv"><div class="cr n o sa"><span class="bb b oh bd gv"><a class="dy dz ca cb cc cd ce cf cg bm sb ch ec ed" href="https://mail-28996.medium.com/?source=post_internal_links---------7-------------------------------" rel="noopener follow">Diane Abela</a></span></div></span></div></div></div></div></div><div class="ee of s sc sd"><a class="dy dz ca cb cc cd ce cf cg bm ea eb ch ec ed s" href="https://mail-28996.medium.com/risk-management-just-another-buzzword-3262d71156ee?source=post_internal_links---------7-------------------------------" rel="noopener follow"><div class="kj s ap ij"><div class="se kl s"><div class="ep kf ef es eo ex w kg kh ki"><img class="ef es eo ex w km kn ko" src="https://miro.medium.com/max/60/1*C5AOQcpWW_aRUDFtWc4Asw.jpeg?q=20" width="70" height="70" role="presentation"/></div><img class="ep kf sf sg sh si sj sk sl sm sn so c" width="70" height="70" role="presentation"/><noscript><img class="sf sg sh si sj sk sl sm sn so" src="https://miro.medium.com/fit/c/140/140/1*C5AOQcpWW_aRUDFtWc4Asw.jpeg" width="70" height="70" srcSet="https://miro.medium.com/fit/c/96/140/1*C5AOQcpWW_aRUDFtWc4Asw.jpeg 48w, https://miro.medium.com/fit/c/140/140/1*C5AOQcpWW_aRUDFtWc4Asw.jpeg 70w" sizes="70px" role="presentation"/></noscript></div></div></a></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div><script>window.__BUILD_ID__="main-20211223-174047-cbedb4c9dd"</script><script>window.__GRAPHQL_URI__ = "https://lirantal.medium.com/_/graphql"</script><script>window.__PRELOADED_STATE__ = 
{"algolia":{"queries":{}},"auroraPage":{"isAuroraPageEnabled":true},"bookReader":{"assets":{},"reader":{"currentAsset":null,"currentGFI":null,"settingsPanelIsOpen":false,"settings":{"fontFamily":"CHARTER","fontScale":"M","publisherStyling":false,"textAlignment":"start","theme":"White","lineSpacing":0,"wordSpacing":0,"letterSpacing":0},"internalNavCounter":0,"currentSelection":null}},"cache":{"experimentGroupSet":true,"reason":"","group":"enabled","tags":["group-edgeCachePosts","post-40be813022bb","user-43862af38199"],"serverVariantState":"44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a","middlewareEnabled":true,"cacheStatus":"DYNAMIC","shouldUseCache":true,"vary":[]},"client":{"hydrated":false,"isUs":false,"isNativeMedium":false,"isSafariMobile":false,"isSafari":false,"routingEntity":{"type":"USER","id":"43862af38199","explicit":true},"viewerIsBot":false},"debug":{"requestId":"1774ec52-1b81-46e9-9e23-17406213af98","hybridDevServices":[],"showBookReaderDebugger":false,"originalSpanCarrier":{"ot-tracer-spanid":"3cef78be2798907b","ot-tracer-traceid":"6b567b4544c5ecd3","ot-tracer-sampled":"true"}},"multiVote":{"clapsPerPost":{}},"navigation":{"branch":{"show":null,"hasRendered":null,"blockedByCTA":false},"hideGoogleOneTap":false,"hasRenderedGoogleOneTap":null,"hasRenderedAlternateUserBanner":null,"currentLocation":"https:\u002F\u002Flirantal.medium.com\u002Fa-snyks-post-mortem-of-the-malicious-event-stream-npm-package-backdoor-40be813022bb","host":"lirantal.medium.com","hostname":"lirantal.medium.com","referrer":"","hasSetReferrer":false,"susiModal":{"step":null,"operation":"register"},"postRead":false,"queryString":"","currentHash":""},"tracing":{},"userOnboarding":{"showFirstBookPurchaseTooltip":false},"config":{"nodeEnv":"production","version":"main-20211223-174047-cbedb4c9dd","isTaggedVersion":false,"isMediumDotApp":false,"isMediumDotAppVariant":false,"target":"production","productName":"Medium","publicUrl":"https:\u002F\u002Fcdn-client.medium.com\u
002Flite","authDomain":"medium.com","authGoogleClientId":"216296035834-k1k6qe060s2tp2a2jam4ljdcms00sttg.apps.googleusercontent.com","favicon":"production","glyphUrl":"https:\u002F\u002Fglyph.medium.com","branchKey":"key_live_ofxXr2qTrrU9NqURK8ZwEhknBxiI6KBm","lightStep":{"name":"lite-web","host":"lightstep.medium.systems","token":"ce5be895bef60919541332990ac9fef2","appVersion":"main-20211223-174047-cbedb4c9dd","disableClientReporting":true},"algolia":{"appId":"MQ57UUUQZ2","apiKeySearch":"394474ced050e3911ae2249ecc774921","indexPrefix":"medium_","host":"-dsn.algolia.net"},"recaptchaKey":"6Lfc37IUAAAAAKGGtC6rLS13R1Hrw_BqADfS1LRk","recaptcha3Key":"6Lf8R9wUAAAAABMI_85Wb8melS7Zj6ziuf99Yot5","datadog":{"applicationId":"6702d87d-a7e0-42fe-bbcb-95b469547ea0","clientToken":"pub853ea8d17ad6821d9f8f11861d23dfed","rumToken":"pubf9cc52896502b9413b68ba36fc0c7162","context":{"deployment":{"target":"production","tag":"main-20211223-174047-cbedb4c9dd","commit":"cbedb4c9dd15d8c793d64ade5f5e96d3f1e91137"}},"datacenter":"us"},"googleAnalyticsCode":"UA-24232453-2","googlePay":{"apiVersion":"2","apiVersionMinor":"0","merchantId":"BCR2DN6TV7EMTGBM","merchantName":"Medium","instanceMerchantId":"13685562959212738550"},"applePay":{"version":3},"signInWallCustomDomainCollectionIds":["3a8144eabfe3","336d898217ee","61061eb0c96b","138adf9c44c","819cc2aaeee0"],"mediumOwnedAndOperatedCollectionIds":["8a9336e5bb4","b7e45b22fec3","193b68bd4fba","8d6b8a439e32","54c98c43354d","3f6ecf56618","d944778ce714","92d2092dc598","ae2a65f35510","1285ba81cada","544c7006046e","fc8964313712","40187e704f1c","88d9857e584e","7b6769f2748b","bcc38c8f6edf","cef6983b292","cb8577c9149e","444d13b52878","713d7dbc99b0","ef8e90590e66","191186aaafa0","55760f21cdc5","9dc80918cc93","bdc4052bbdba","8ccfed20cbb2"],"tierOneDomains":["medium.com","thebolditalic.com","arcdigital.media","towardsdatascience.com","uxdesign.cc","codeburst.io","psiloveyou.xyz","writingcooperative.com","entrepreneurshandbook.co","prototypr.io","betterhumans
.coach.me","theascent.pub"],"topicsToFollow":["d61cf867d93f","8a146bc21b28","1eca0103fff3","4d562ee63426","aef1078a3ef5","e15e46793f8d","6158eb913466","55f1c20aba7a","3d18b94f6858","4861fee224fd","63c6f1f93ee","1d98b3a9a871","decb52b64abf","ae5d4995e225","830cded25262"],"topicToTagMappings":{"accessibility":"accessibility","addiction":"addiction","android-development":"android-development","art":"art","artificial-intelligence":"artificial-intelligence","astrology":"astrology","basic-income":"basic-income","beauty":"beauty","biotech":"biotech","blockchain":"blockchain","books":"books","business":"business","cannabis":"cannabis","cities":"cities","climate-change":"climate-change","comics":"comics","coronavirus":"coronavirus","creativity":"creativity","cryptocurrency":"cryptocurrency","culture":"culture","cybersecurity":"cybersecurity","data-science":"data-science","design":"design","digital-life":"digital-life","disability":"disability","economy":"economy","education":"education","equality":"equality","family":"family","feminism":"feminism","fiction":"fiction","film":"film","fitness":"fitness","food":"food","freelancing":"freelancing","future":"future","gadgets":"gadgets","gaming":"gaming","gun-control":"gun-control","health":"health","history":"history","humor":"humor","immigration":"immigration","ios-development":"ios-development","javascript":"javascript","justice":"justice","language":"language","leadership":"leadership","lgbtqia":"lgbtqia","lifestyle":"lifestyle","machine-learning":"machine-learning","makers":"makers","marketing":"marketing","math":"math","media":"media","mental-health":"mental-health","mindfulness":"mindfulness","money":"money","music":"music","neuroscience":"neuroscience","nonfiction":"nonfiction","outdoors":"outdoors","parenting":"parenting","pets":"pets","philosophy":"philosophy","photography":"photography","podcasts":"podcast","poetry":"poetry","politics":"politics","privacy":"privacy","product-management":"product-management","productivity"
:"productivity","programming":"programming","psychedelics":"psychedelics","psychology":"psychology","race":"race","relationships":"relationships","religion":"religion","remote-work":"remote-work","san-francisco":"san-francisco","science":"science","self":"self","self-driving-cars":"self-driving-cars","sexuality":"sexuality","social-media":"social-media","society":"society","software-engineering":"software-engineering","space":"space","spirituality":"spirituality","sports":"sports","startups":"startup","style":"style","technology":"technology","transportation":"transportation","travel":"travel","true-crime":"true-crime","tv":"tv","ux":"ux","venture-capital":"venture-capital","visual-design":"visual-design","work":"work","world":"world","writing":"writing"},"defaultImages":{"avatar":{"imageId":"1*dmbNkD5D-u45r44go_cf0g.png","height":150,"width":150},"orgLogo":{"imageId":"1*OMF3fSqH8t4xBJ9-6oZDZw.png","height":106,"width":545},"postLogo":{"imageId":"1*kFrc4tBFM_tCis-2Ic87WA.png","height":810,"width":1440},"postPreviewImage":{"imageId":"1*hn4v1tCaJy7cWMyb0bpNpQ.png","height":386,"width":579}},"collectionStructuredData":{"8d6b8a439e32":{"name":"Elemental","data":{"@type":"NewsMediaOrganization","ethicsPolicy":"https:\u002F\u002Fhelp.medium.com\u002Fhc\u002Fen-us\u002Farticles\u002F360043290473","logo":{"@type":"ImageObject","url":"https:\u002F\u002Fcdn-images-1.medium.com\u002Fmax\u002F980\u002F1*9ygdqoKprhwuTVKUM0DLPA@2x.png","width":980,"height":159}}},"3f6ecf56618":{"name":"Forge","data":{"@type":"NewsMediaOrganization","ethicsPolicy":"https:\u002F\u002Fhelp.medium.com\u002Fhc\u002Fen-us\u002Farticles\u002F360043290473","logo":{"@type":"ImageObject","url":"https:\u002F\u002Fcdn-images-1.medium.com\u002Fmax\u002F596\u002F1*uULpIlImcO5TDuBZ6lm7Lg@2x.png","width":596,"height":183}}},"ae2a65f35510":{"name":"GEN","data":{"@type":"NewsMediaOrganization","ethicsPolicy":"https:\u002F\u002Fhelp.medium.com\u002Fhc\u002Fen-us\u002Farticles\u002F360043290473","logo":{"@type":"Ima
geObject","url":"https:\u002F\u002Fmiro.medium.com\u002Fmax\u002F264\u002F1*RdVZMdvfV3YiZTw6mX7yWA.png","width":264,"height":140}}},"88d9857e584e":{"name":"LEVEL","data":{"@type":"NewsMediaOrganization","ethicsPolicy":"https:\u002F\u002Fhelp.medium.com\u002Fhc\u002Fen-us\u002Farticles\u002F360043290473","logo":{"@type":"ImageObject","url":"https:\u002F\u002Fmiro.medium.com\u002Fmax\u002F540\u002F1*JqYMhNX6KNNb2UlqGqO2WQ.png","width":540,"height":108}}},"7b6769f2748b":{"name":"Marker","data":{"@type":"NewsMediaOrganization","ethicsPolicy":"https:\u002F\u002Fhelp.medium.com\u002Fhc\u002Fen-us\u002Farticles\u002F360043290473","logo":{"@type":"ImageObject","url":"https:\u002F\u002Fcdn-images-1.medium.com\u002Fmax\u002F383\u002F1*haCUs0wF6TgOOvfoY-jEoQ@2x.png","width":383,"height":92}}},"444d13b52878":{"name":"OneZero","data":{"@type":"NewsMediaOrganization","ethicsPolicy":"https:\u002F\u002Fhelp.medium.com\u002Fhc\u002Fen-us\u002Farticles\u002F360043290473","logo":{"@type":"ImageObject","url":"https:\u002F\u002Fmiro.medium.com\u002Fmax\u002F540\u002F1*cw32fIqCbRWzwJaoQw6BUg.png","width":540,"height":123}}},"8ccfed20cbb2":{"name":"Zora","data":{"@type":"NewsMediaOrganization","ethicsPolicy":"https:\u002F\u002Fhelp.medium.com\u002Fhc\u002Fen-us\u002Farticles\u002F360043290473","logo":{"@type":"ImageObject","url":"https:\u002F\u002Fmiro.medium.com\u002Fmax\u002F540\u002F1*tZUQqRcCCZDXjjiZ4bDvgQ.png","width":540,"height":106}}}},"embeddedPostIds":{"coronavirus":"cd3010f9d81f"},"sharedCdcMessaging":{"COVID_APPLICABLE_TAG_SLUGS":[],"COVID_APPLICABLE_TOPIC_NAMES":[],"COVID_APPLICABLE_TOPIC_NAMES_FOR_TOPIC_PAGE":[],"COVID_MESSAGES":{"tierA":{"text":"For more information on the novel coronavirus and Covid-19, visit cdc.gov.","markups":[{"start":66,"end":73,"href":"https:\u002F\u002Fwww.cdc.gov\u002Fcoronavirus\u002F2019-nCoV"}]},"tierB":{"text":"Anyone can publish on Medium per our Policies, but we don’t fact-check every story. 
For more info about the coronavirus, see cdc.gov.","markups":[{"start":37,"end":45,"href":"https:\u002F\u002Fhelp.medium.com\u002Fhc\u002Fen-us\u002Fcategories\u002F201931128-Policies-Safety"},{"start":125,"end":132,"href":"https:\u002F\u002Fwww.cdc.gov\u002Fcoronavirus\u002F2019-nCoV"}]},"paywall":{"text":"This article has been made free for everyone, thanks to Medium Members. For more information on the novel coronavirus and Covid-19, visit cdc.gov.","markups":[{"start":56,"end":70,"href":"https:\u002F\u002Fmedium.com\u002Fmembership"},{"start":138,"end":145,"href":"https:\u002F\u002Fwww.cdc.gov\u002Fcoronavirus\u002F2019-nCoV"}]},"unbound":{"text":"This article is free for everyone, thanks to Medium Members. For more information on the novel coronavirus and Covid-19, visit cdc.gov.","markups":[{"start":45,"end":59,"href":"https:\u002F\u002Fmedium.com\u002Fmembership"},{"start":127,"end":134,"href":"https:\u002F\u002Fwww.cdc.gov\u002Fcoronavirus\u002F2019-nCoV"}]}},"COVID_BANNER_POST_ID_OVERRIDE_WHITELIST":["3b31a67bff4a"]},"sharedVoteMessaging":{"TAGS":["politics","election-2020","government","us-politics","election","2020-presidential-race","trump","donald-trump","democrats","republicans","congress","republican-party","democratic-party","biden","joe-biden","maga"],"TOPICS":["politics","election"],"MESSAGE":{"text":"Find out more about the U.S. 
election results here.","markups":[{"start":46,"end":50,"href":"https:\u002F\u002Fcookpolitical.com\u002F2020-national-popular-vote-tracker"}]},"EXCLUDE_POSTS":["397ef29e3ca5"]},"embedPostRules":[],"recircOptions":{"v1":{"limit":3},"v2":{"limit":8}},"braintreeClientKey":"production_zjkj96jm_m56f8fqpf7ngnrd4","braintree":{"enabled":true,"merchantId":"m56f8fqpf7ngnrd4","merchantAccountId":{"usd":"AMediumCorporation_instant","eur":"amediumcorporation_EUR"},"publicKey":"cwr8xtycwgjryv82","braintreeEnvironment":"production","dashboardUrl":"https:\u002F\u002Fwww.braintreegateway.com\u002Fmerchants","gracePeriodDurationInDays":14,"mediumMembershipPlanId":{"monthly":"ce105f8c57a3","monthlyWithTrial":"d5ee3dbe3db8","yearly":"a40ad4a43185","yearlyStaff":"d74fb811198a","yearlyWithTrial":"b3bc7350e5c7"},"braintreeDiscountId":{"oneMonthFree":"MONTHS_FREE_01","threeMonthsFree":"MONTHS_FREE_03","sixMonthsFree":"MONTHS_FREE_06"},"3DSecureVersion":"2","defaultCurrency":"usd"},"paypalClientId":"AXj1G4fotC2GE8KzWX9mSxCH1wmPE3nJglf4Z2ig_amnhvlMVX87otaq58niAg9iuLktVNF_1WCMnN7v","paypal":{"host":"https:\u002F\u002Fapi.paypal.com:443","clientMode":"production","serverMode":"live","webhookId":"4G466076A0294510S","monthlyPlan":{"planId":"P-9WR0658853113943TMU5FDQA","name":"Medium Membership (Monthly) with setup fee","description":"Unlimited access to the best and brightest stories on Medium. Membership billed monthly."},"yearlyPlan":{"planId":"P-7N8963881P8875835MU5JOPQ","name":"Medium Membership (Annual) with setup fee","description":"Unlimited access to the best and brightest stories on Medium. Membership billed annually."},"oneYearGift":{"name":"Medium Membership (1 Year, Digital Gift Code)","description":"Unlimited access to the best and brightest stories on Medium. 
Gift codes can be redeemed at medium.com\u002Fredeem.","price":"50.00","currency":"USD","sku":"membership-gift-1-yr"},"oldMonthlyPlan":{"planId":"P-96U02458LM656772MJZUVH2Y","name":"Medium Membership (Monthly)","description":"Unlimited access to the best and brightest stories on Medium. Membership billed monthly."},"oldYearlyPlan":{"planId":"P-59P80963JF186412JJZU3SMI","name":"Medium Membership (Annual)","description":"Unlimited access to the best and brightest stories on Medium. Membership billed annually."},"monthlyPlanWithTrial":{"planId":"P-66C21969LR178604GJPVKUKY","name":"Medium Membership (Monthly) with setup fee","description":"Unlimited access to the best and brightest stories on Medium. Membership billed monthly."},"yearlyPlanWithTrial":{"planId":"P-6XW32684EX226940VKCT2MFA","name":"Medium Membership (Annual) with setup fee","description":"Unlimited access to the best and brightest stories on Medium. Membership billed annually."},"oldMonthlyPlanNoSetupFee":{"planId":"P-4N046520HR188054PCJC7LJI","name":"Medium Membership (Monthly)","description":"Unlimited access to the best and brightest stories on Medium. Membership billed monthly."},"oldYearlyPlanNoSetupFee":{"planId":"P-7A4913502Y5181304CJEJMXQ","name":"Medium Membership (Annual)","description":"Unlimited access to the best and brightest stories on Medium. 
Membership billed annually."},"sdkUrl":"https:\u002F\u002Fwww.paypal.com\u002Fsdk\u002Fjs"},"stripePublishableKey":"pk_live_7FReX44VnNIInZwrIIx6ghjl","log":{"json":true,"level":"info"}},"session":{"xsrf":""}}</script><script>window.__APOLLO_STATE__ = {"ROOT_QUERY":{"__typename":"Query","meterPost({\"postId\":\"40be813022bb\",\"postMeteringOptions\":{\"referrer\":\"\",\"sk\":null,\"source\":null}})":{"__ref":"MeteringInfo:{}"},"postResult({\"id\":\"40be813022bb\"})":{"__ref":"Post:40be813022bb"}},"MeteringInfo:{}":{"__typename":"MeteringInfo","postIds":[],"maxUnlockCount":3,"unlocksRemaining":0},"User:43862af38199":{"id":"43862af38199","__typename":"User","name":"Liran Tal","username":"lirantal","newsletterV3":{"__ref":"NewsletterV3:f413753f9b3"},"customStyleSheet":null,"isSuspended":false,"bio":"🥑Developer Advocate @snyksec | @NodeJS Security WG | 🛰️ @jsheroes ambassador | Author of Essential Node.js Security | ❤️ #opensource #web ☕🍕🎸","imageId":"0*ZMQpe1aeH7IhRziC.","hasCompletedProfile":false,"isAuroraVisible":true,"mediumMemberAt":0,"socialStats":{"__typename":"SocialStats","followerCount":648,"followingCount":152,"collectionFollowingCount":17},"customDomainState":{"__typename":"CustomDomainState","live":{"__typename":"CustomDomain","domain":"lirantal.medium.com","status":"ACTIVE","isSubdomain":true}},"hasSubdomain":true,"bookAuthor":null,"isPartnerProgramEnrolled":false,"viewerEdge":{"__ref":"UserViewerEdge:userId:43862af38199-viewerId:lo_58068ea593bd"},"viewerIsUser":false,"homepagePostsConnection({\"paging\":{\"limit\":1}})":{"__typename":"PostConnection","posts":[{"__ref":"Post:e2f97fc88f53"}]},"postSubscribeMembershipUpsellShownAt":0,"allowNotes":true,"replyToEmailBannerShownCount":0,"twitterScreenName":"liran_tal","followedCollections":17,"referredMembershipCustomHeadline":"","referredMembershipCustomBody":"","atsQualifiedAt":1612205405504},"UserViewerEdge:userId:43862af38199-viewerId:lo_58068ea593bd":{"id":"userId:43862af38199-viewerId:lo_58068ea593bd","__
typename":"UserViewerEdge","isFollowing":false,"isUser":false},"NewsletterV3:f413753f9b3":{"id":"f413753f9b3","__typename":"NewsletterV3","type":"NEWSLETTER_TYPE_AUTHOR","slug":"43862af38199","name":"43862af38199","collection":null,"user":{"__ref":"User:43862af38199"},"description":"","promoHeadline":"","promoBody":"","replyToEmail":"","showPromo":false,"subscribersCount":2},"Post:e2f97fc88f53":{"id":"e2f97fc88f53","__typename":"Post"},"Paragraph:5ffd5407b1be_0":{"id":"5ffd5407b1be_0","__typename":"Paragraph","name":"afd8","text":"A Snyk’s Post-Mortem of the Malicious event-stream npm package backdoor","type":"H3","href":null,"layout":null,"metadata":null,"hasDropCap":null,"iframe":null,"mixtapeMetadata":null,"markups":[],"dropCapImage":null},"Paragraph:5ffd5407b1be_1":{"id":"5ffd5407b1be_1","__typename":"Paragraph","name":"3705","text":"Last week the imaginable happened. A malicious package, flatmap-stream, was published to npm and was later added as a dependency to the widely used event-stream package by user right9ctrl. Some time, and 8 million downloads later, applications all over the web were unwittingly running malicious code in production. We wrote some early thoughts on our blog last week, moments after the incident came to light, but are now able to perform a deeper post-mortem including a timeline of the events as they took place. 
Thanks go to many others who also investigated this issue, and in particular GitHub user maths22, who reverse engineered the malicious code.","type":"P","href":null,"layout":null,"metadata":null,"hasDropCap":null,"iframe":null,"mixtapeMetadata":null,"markups":[{"__typename":"Markup","start":177,"end":187,"type":"CODE","href":null,"anchorType":null,"userId":null,"linkMetadata":null},{"__typename":"Markup","start":603,"end":610,"type":"CODE","href":null,"anchorType":null,"userId":null,"linkMetadata":null},{"__typename":"Markup","start":330,"end":366,"type":"A","href":"https:\u002F\u002Fsnyk.io\u002Fblog\u002Fmalicious-code-found-in-npm-package-event-stream","anchorType":"LINK","userId":null,"linkMetadata":null},{"__typename":"Markup","start":14,"end":24,"type":"EM","href":null,"anchorType":null,"userId":null,"linkMetadata":null}],"dropCapImage":null},"Paragraph:5ffd5407b1be_2":{"id":"5ffd5407b1be_2","__typename":"Paragraph","name":"a0ee","text":"What is the event-stream package?","type":"H3","href":null,"layout":null,"metadata":null,"hasDropCap":null,"iframe":null,"mixtapeMetadata":null,"markups":[],"dropCapImage":null},"Paragraph:5ffd5407b1be_3":{"id":"5ffd5407b1be_3","__typename":"Paragraph","name":"1ba2","text":"The event-stream package is a toolkit that provides utilities for creating and managing streams. Authored by Dominic Tarr (~dominictarr on npmjs), it is one of 422 packages he owns on npmjs. 
The event-stream package has a total of 84 releases, dating back to v0.5.2, in 2011, and having regular releases up until version 3.3.4, two years ago.","type":"P","href":null,"layout":null,"metadata":null,"hasDropCap":null,"iframe":null,"mixtapeMetadata":null,"markups":[{"__typename":"Markup","start":123,"end":135,"type":"CODE","href":null,"anchorType":null,"userId":null,"linkMetadata":null},{"__typename":"Markup","start":160,"end":172,"type":"A","href":"https:\u002F\u002Fwww.npmjs.com\u002F~dominictarr","anchorType":"LINK","userId":null,"linkMetadata":null}],"dropCapImage":null},"Paragraph:5ffd5407b1be_4":{"id":"5ffd5407b1be_4","__typename":"Paragraph","name":"7db3","text":"Throughout event-stream’s total development, it received contributions from 33 different contributors, but most of its contributions were delivered in its early days and has only reviewed minor changes since then:","type":"P","href":null,"layout":null,"metadata":null,"hasDropCap":null,"iframe":null,"mixtapeMetadata":null,"markups":[{"__typename":"Markup","start":76,"end":101,"type":"A","href":"https:\u002F\u002Fgithub.com\u002Fdominictarr\u002Fevent-stream\u002Fgraphs\u002Fcontributors","anchorType":"LINK","userId":null,"linkMetadata":null}],"dropCapImage":null},"Paragraph:5ffd5407b1be_5":{"id":"5ffd5407b1be_5","__typename":"Paragraph","name":"714f","text":"","type":"IMG","href":null,"layout":"INSET_CENTER","metadata":{"__ref":"ImageMetadata:0*yO-HNQPj1qz2cgOY.png"},"hasDropCap":null,"iframe":null,"mixtapeMetadata":null,"markups":[],"dropCapImage":null},"Paragraph:5ffd5407b1be_6":{"id":"5ffd5407b1be_6","__typename":"Paragraph","name":"500c","text":"The project had received over 2000 stars, been forked 139 times and 62 GitHub users have signed-up for notifications on any changes happening in the project. 
The project was used by 3931 other packages (excluding scoped packages).","type":"P","href":null,"layout":null,"metadata":null,"hasDropCap":null,"iframe":null,"mixtapeMetadata":null,"markups":[],"dropCapImage":null},"Paragraph:5ffd5407b1be_7":{"id":"5ffd5407b1be_7","__typename":"Paragraph","name":"f64f","text":"The Timeline of Events","type":"H3","href":null,"layout":null,"metadata":null,"hasDropCap":null,"iframe":null,"mixtapeMetadata":null,"markups":[],"dropCapImage":null},"Paragraph:5ffd5407b1be_8":{"id":"5ffd5407b1be_8","__typename":"Paragraph","name":"f29c","text":"Here is a timeline showing some of the major milestones in the project history, and the key moments during the malicious incident. We’ll look into each point on the timeline, and more, in detail below.","type":"P","href":null,"layout":null,"metadata":null,"hasDropCap":null,"iframe":null,"mixtapeMetadata":null,"markups":[],"dropCapImage":null},"Paragraph:5ffd5407b1be_9":{"id":"5ffd5407b1be_9","__typename":"Paragraph","name":"ccbd","text":"","type":"IMG","href":null,"layout":"INSET_CENTER","metadata":{"__ref":"ImageMetadata:0*invkHLtulBJ8BEYx.jpg"},"hasDropCap":null,"iframe":null,"mixtapeMetadata":null,"markups":[],"dropCapImage":null},"Paragraph:5ffd5407b1be_10":{"id":"5ffd5407b1be_10","__typename":"Paragraph","name":"fd61","text":"Chain of Events","type":"H3","href":null,"layout":null,"metadata":null,"hasDropCap":null,"iframe":null,"mixtapeMetadata":null,"markups":[],"dropCapImage":null},"Paragraph:5ffd5407b1be_11":{"id":"5ffd5407b1be_11","__typename":"Paragraph","name":"5105","text":"We’ll take a look at the chain of events which led up to the use of the malicious flatmap-stream package. 
These events were researched from public GitHub information, Google cache, and npm.","type":"P","href":null,"layout":null,"metadata":null,"hasDropCap":null,"iframe":null,"mixtapeMetadata":null,"markups":[],"dropCapImage":null},"Paragraph:5ffd5407b1be_12":{"id":"5ffd5407b1be_12","__typename":"Paragraph","name":"7f96","text":"31st July, 2015: GitHub user, devinus, comments on an issue on the event-stream project questioning whether a flatmap functionality would be welcomed, to which the package maintainer, dominictarr, replies positively stating that a user contribution would be accepted:","type":"P","href":null,"layout":null,"metadata":null,"hasDropCap":null,"iframe":null,"mixtapeMetadata":null,"markups":[{"__typename":"Markup","start":30,"end":37,"type":"CODE","href":null,"anchorType":null,"userId":null,"linkMetadata":null},{"__typename":"Markup","start":184,"end":195,"type":"CODE","href":null,"anchorType":null,"userId":null,"linkMetadata":null},{"__typename":"Markup","start":39,"end":59,"type":"A","href":"https:\u002F\u002Fgithub.com\u002Fdominictarr\u002Fevent-stream\u002Fissues\u002F73","anchorType":"LINK","userId":null,"linkMetadata":null},{"__typename":"Markup","start":0,"end":16,"type":"STRONG","href":null,"anchorType":null,"userId":null,"linkMetadata":null}],"dropCapImage":null},"Paragraph:5ffd5407b1be_13":{"id":"5ffd5407b1be_13","__typename":"Paragraph","name":"8de6","text":"","type":"IMG","href":null,"layout":"INSET_CENTER","metadata":{"__ref":"ImageMetadata:0*hrLmJn1ag3_kk4MT.png"},"hasDropCap":null,"iframe":null,"mixtapeMetadata":null,"markups":[],"dropCapImage":null},"Paragraph:5ffd5407b1be_14":{"id":"5ffd5407b1be_14","__typename":"Paragraph","name":"ff1e","text":"We could speculate that the later to be discovered malicious user right9ctrl could well have used this information to plan and execute an elaborate social engineering attack on the 
project.","type":"P","href":null,"layout":null,"metadata":null,"hasDropCap":null,"iframe":null,"mixtapeMetadata":null,"markups":[{"__typename":"Markup","start":66,"end":76,"type":"CODE","href":null,"anchorType":null,"userId":null,"linkMetadata":null}],"dropCapImage":null},"Paragraph:5ffd5407b1be_15":{"id":"5ffd5407b1be_15","__typename":"Paragraph","name":"8c4a","text":"August 5, 2018: a user who identified as “Antonio Macias” in npm created and published a non-malicious package called flatmap-stream.","type":"P","href":null,"layout":null,"metadata":null,"hasDropCap":null,"iframe":null,"mixtapeMetadata":null,"markups":[{"__typename":"Markup","start":0,"end":15,"type":"STRONG","href":null,"anchorType":null,"userId":null,"linkMetadata":null},{"__typename":"Markup","start":41,"end":57,"type":"EM","href":null,"anchorType":null,"userId":null,"linkMetadata":null}],"dropCapImage":null},"Paragraph:5ffd5407b1be_16":{"id":"5ffd5407b1be_16","__typename":"Paragraph","name":"5106","text":"Next, Antonio Macias proposed that the event-stream project used in the flatmap package. GitHub user right9ctrl approached Dominic Tarr asking to assist with the project and to make the necessary changes to introduce the flatmap functionality, by pulling in the flatmap-stream dependency. Dominic accepted right9ctrl's offer and makes them a contributor to the event-stream GitHub project, as well as gave right9ctrl full npm publishing rights for the module on the npm ecosystem. Dominic later confirmed during the incident report that he no longer had any publishing rights for the module on npm to remedy the incident (i.e. 
by removing the infected 3.3.6 version from npm)","type":"P","href":null,"layout":null,"metadata":null,"hasDropCap":null,"iframe":null,"mixtapeMetadata":null,"markups":[{"__typename":"Markup","start":101,"end":111,"type":"CODE","href":null,"anchorType":null,"userId":null,"linkMetadata":null},{"__typename":"Markup","start":306,"end":316,"type":"CODE","href":null,"anchorType":null,"userId":null,"linkMetadata":null},{"__typename":"Markup","start":406,"end":416,"type":"CODE","href":null,"anchorType":null,"userId":null,"linkMetadata":null}],"dropCapImage":null},"Paragraph:5ffd5407b1be_17":{"id":"5ffd5407b1be_17","__typename":"Paragraph","name":"7e8c","text":"Soon after, a series of innocuous commits were pushed by right9ctrl to the event-stream GitHub repository:","type":"P","href":null,"layout":null,"metadata":null,"hasDropCap":null,"iframe":null,"mixtapeMetadata":null,"markups":[{"__typename":"Markup","start":57,"end":67,"type":"CODE","href":null,"anchorType":null,"userId":null,"linkMetadata":null}],"dropCapImage":null},"Paragraph:5ffd5407b1be_18":{"id":"5ffd5407b1be_18","__typename":"Paragraph","name":"b1c0","text":"September 16, 2018: flatmap-stream was removed from the event-stream code in 908 and from the dependency tree in 2bd and released as a major version, 
4.0.0","type":"P","href":null,"layout":null,"metadata":null,"hasDropCap":null,"iframe":null,"mixtapeMetadata":null,"markups":[{"__typename":"Markup","start":77,"end":80,"type":"A","href":"https:\u002F\u002Fgithub.com\u002Fdominictarr\u002Fevent-stream\u002Fcommit\u002F908fee5c65d4eb02809a84a1ebc3e5df1f935cd1","anchorType":"LINK","userId":null,"linkMetadata":null},{"__typename":"Markup","start":113,"end":116,"type":"A","href":"https:\u002F\u002Fgithub.com\u002Fdominictarr\u002Fevent-stream\u002Fcommit\u002F2bd63d58fe24367372690c29c7249ed1c7145601","anchorType":"LINK","userId":null,"linkMetadata":null},{"__typename":"Markup","start":0,"end":19,"type":"STRONG","href":null,"anchorType":null,"userId":null,"linkMetadata":null}],"dropCapImage":null},"Paragraph:5ffd5407b1be_19":{"id":"5ffd5407b1be_19","__typename":"Paragraph","name":"b293","text":"September 20, 2018: right9ctrl adds further cosmetic code changes that enhance the project's keywords in 60d to presumably further improve the search results on the official npmjs.com registry website","type":"P","href":null,"layout":null,"metadata":null,"hasDropCap":null,"iframe":null,"mixtapeMetadata":null,"markups":[{"__typename":"Markup","start":20,"end":30,"type":"CODE","href":null,"anchorType":null,"userId":null,"linkMetadata":null},{"__typename":"Markup","start":105,"end":108,"type":"A","href":"https:\u002F\u002Fgithub.com\u002Fdominictarr\u002Fevent-stream\u002Fcommit\u002F60d0aa3def10c09ead68ee43804f244ffbd3b9c9","anchorType":"LINK","userId":null,"linkMetadata":null},{"__typename":"Markup","start":0,"end":19,"type":"STRONG","href":null,"anchorType":null,"userId":null,"linkMetadata":null}],"dropCapImage":null},"Paragraph:5ffd5407b1be_20":{"id":"5ffd5407b1be_20","__typename":"Paragraph","name":"e708","text":"October 5, 2018: a new minor version flatmap-stream@0.1.1 was released with the injection attack in its minified source code. 
Installations of event-stream will now also fetch the new infected 0.1.1 version of flatmap as a transitive dependency.","type":"P","href":null,"layout":null,"metadata":null,"hasDropCap":null,"iframe":null,"mixtapeMetadata":null,"markups":[{"__typename":"Markup","start":0,"end":16,"type":"STRONG","href":null,"anchorType":null,"userId":null,"linkMetadata":null}],"dropCapImage":null},"Paragraph:5ffd5407b1be_21":{"id":"5ffd5407b1be_21","__typename":"Paragraph","name":"80b3","text":"There is no more evidence of any further work to the event-stream project by the right9ctrl user, whose profile has now been removed from GitHub and npm, although it can still be accessed via Google cache for introspection:","type":"P","href":null,"layout":null,"metadata":null,"hasDropCap":null,"iframe":null,"mixtapeMetadata":null,"markups":[{"__typename":"Markup","start":81,"end":91,"type":"CODE","href":null,"anchorType":null,"userId":null,"linkMetadata":null},{"__typename":"Markup","start":179,"end":204,"type":"A","href":"https:\u002F\u002Fwebcache.googleusercontent.com\u002Fsearch?q=cache:Lyox1SZ96zAJ:https:\u002F\u002Fgithub.com\u002Fright9ctrl+&cd=1&hl=en&ct=clnk&gl=il","anchorType":"LINK","userId":null,"linkMetadata":null}],"dropCapImage":null},"Paragraph:5ffd5407b1be_22":{"id":"5ffd5407b1be_22","__typename":"Paragraph","name":"c765","text":"","type":"IMG","href":null,"layout":"INSET_CENTER","metadata":{"__ref":"ImageMetadata:0*HvJWdPWRuzsb7t7h.png"},"hasDropCap":null,"iframe":null,"mixtapeMetadata":null,"markups":[],"dropCapImage":null},"Paragraph:5ffd5407b1be_23":{"id":"5ffd5407b1be_23","__typename":"Paragraph","name":"a870","text":"October 29, 2018: jaydenseric opened an issue against nodemon reporting an unexpected deprecation warning. 
This message is in line with OpenSSL's recommendation to use a more modern algorithm instead of EVP_BytesToKey. It is recommended that developers derive a key and IV on their own using crypto.scrypt() and to use crypto.createDecipheriv() to create the Decipher object.","type":"P","href":null,"layout":null,"metadata":null,"hasDropCap":null,"iframe":null,"mixtapeMetadata":null,"markups":[{"__typename":"Markup","start":18,"end":29,"type":"CODE","href":null,"anchorType":null,"userId":null,"linkMetadata":null},{"__typename":"Markup","start":203,"end":217,"type":"CODE","href":null,"anchorType":null,"userId":null,"linkMetadata":null},{"__typename":"Markup","start":292,"end":307,"type":"CODE","href":null,"anchorType":null,"userId":null,"linkMetadata":null},{"__typename":"Markup","start":319,"end":344,"type":"CODE","href":null,"anchorType":null,"userId":null,"linkMetadata":null},{"__typename":"Markup","start":40,"end":61,"type":"A","href":"https:\u002F\u002Fgithub.com\u002Fremy\u002Fnodemon\u002Fissues\u002F1442","anchorType":"LINK","userId":null,"linkMetadata":null},{"__typename":"Markup","start":292,"end":344,"type":"A","href":"https:\u002F\u002Fdocs.google.com\u002Fdocument\u002Fd\u002F19g1krCBUjjPyz7mkKT-xNoJXIG_PQYcZCm0HfcH8DnM\u002Fedit","anchorType":"LINK","userId":null,"linkMetadata":null},{"__typename":"Markup","start":0,"end":17,"type":"STRONG","href":null,"anchorType":null,"userId":null,"linkMetadata":null}],"dropCapImage":null},"Paragraph:5ffd5407b1be_24":{"id":"5ffd5407b1be_24","__typename":"Paragraph","name":"de08","text":"","type":"IMG","href":null,"layout":"INSET_CENTER","metadata":{"__ref":"ImageMetadata:0*EqTRck-pZLeebpKv.png"},"hasDropCap":null,"iframe":null,"mixtapeMetadata":null,"markups":[],"dropCapImage":null},"Paragraph:5ffd5407b1be_25":{"id":"5ffd5407b1be_25","__typename":"Paragraph","name":"cdf6","text":"November 19, 2018: NewEraCracker opened an issue against 
event-stream.","type":"P","href":null,"layout":null,"metadata":null,"hasDropCap":null,"iframe":null,"mixtapeMetadata":null,"markups":[{"__typename":"Markup","start":19,"end":32,"type":"CODE","href":null,"anchorType":null,"userId":null,"linkMetadata":null},{"__typename":"Markup","start":49,"end":69,"type":"A","href":"https:\u002F\u002Fgithub.com\u002Fremy\u002Fnodemon\u002Fissues\u002F1451","anchorType":"LINK","userId":null,"linkMetadata":null}],"dropCapImage":null},"Paragraph:5ffd5407b1be_26":{"id":"5ffd5407b1be_26","__typename":"Paragraph","name":"e731","text":"","type":"IMG","href":null,"layout":"INSET_CENTER","metadata":{"__ref":"ImageMetadata:0*zfRMohqvUW-SCVXJ.png"},"hasDropCap":null,"iframe":null,"mixtapeMetadata":null,"markups":[],"dropCapImage":null},"Paragraph:5ffd5407b1be_27":{"id":"5ffd5407b1be_27","__typename":"Paragraph","name":"25fd","text":"November 19, 2018: NewEraCracker opened an issue against nodemon.","type":"P","href":null,"layout":null,"metadata":null,"hasDropCap":null,"iframe":null,"mixtapeMetadata":null,"markups":[{"__typename":"Markup","start":19,"end":32,"type":"CODE","href":null,"anchorType":null,"userId":null,"linkMetadata":null},{"__typename":"Markup","start":49,"end":65,"type":"A","href":"https:\u002F\u002Fgithub.com\u002Fremy\u002Fnodemon\u002Fissues\u002F1451","anchorType":"LINK","userId":null,"linkMetadata":null},{"__typename":"Markup","start":0,"end":18,"type":"STRONG","href":null,"anchorType":null,"userId":null,"linkMetadata":null}],"dropCapImage":null},"Paragraph:5ffd5407b1be_28":{"id":"5ffd5407b1be_28","__typename":"Paragraph","name":"032f","text":"","type":"IMG","href":null,"layout":"INSET_CENTER","metadata":{"__ref":"ImageMetadata:0*e1aKbPTeC3j6FXf0.png"},"hasDropCap":null,"iframe":null,"mixtapeMetadata":null,"markups":[],"dropCapImage":null},"Paragraph:5ffd5407b1be_29":{"id":"5ffd5407b1be_29","__typename":"Paragraph","name":"2a17","text":"November 20, 2018: FallingSnow suspects it's an injection 
attack.","type":"P","href":null,"layout":null,"metadata":null,"hasDropCap":null,"iframe":null,"mixtapeMetadata":null,"markups":[{"__typename":"Markup","start":19,"end":30,"type":"CODE","href":null,"anchorType":null,"userId":null,"linkMetadata":null},{"__typename":"Markup","start":31,"end":65,"type":"A","href":"https:\u002F\u002Fgithub.com\u002Fremy\u002Fnodemon\u002Fissues\u002F1442#issuecomment-440435714","anchorType":"LINK","userId":null,"linkMetadata":null},{"__typename":"Markup","start":0,"end":18,"type":"STRONG","href":null,"anchorType":null,"userId":null,"linkMetadata":null}],"dropCapImage":null},"Paragraph:5ffd5407b1be_30":{"id":"5ffd5407b1be_30","__typename":"Paragraph","name":"f391","text":"November 20, 2018: FallingSnow opens the issue against event-stream.","type":"P","href":null,"layout":null,"metadata":null,"hasDropCap":null,"iframe":null,"mixtapeMetadata":null,"markups":[{"__typename":"Markup","start":19,"end":30,"type":"CODE","href":null,"anchorType":null,"userId":null,"linkMetadata":null},{"__typename":"Markup","start":41,"end":68,"type":"A","href":"https:\u002F\u002Fgithub.com\u002Fdominictarr\u002Fevent-stream\u002Fissues\u002F116","anchorType":"LINK","userId":null,"linkMetadata":null},{"__typename":"Markup","start":0,"end":18,"type":"STRONG","href":null,"anchorType":null,"userId":null,"linkMetadata":null}],"dropCapImage":null},"Paragraph:5ffd5407b1be_31":{"id":"5ffd5407b1be_31","__typename":"Paragraph","name":"a421","text":"November 26, 2018: flatmap-stream package got removed from npm.","type":"P","href":null,"layout":null,"metadata":null,"hasDropCap":null,"iframe":null,"mixtapeMetadata":null,"markups":[{"__typename":"Markup","start":0,"end":18,"type":"STRONG","href":null,"anchorType":null,"userId":null,"linkMetadata":null}],"dropCapImage":null},"Paragraph:5ffd5407b1be_32":{"id":"5ffd5407b1be_32","__typename":"Paragraph","name":"8cc0","text":"November 27, 2018: Snyk published a blog post on the 
issue.","type":"P","href":null,"layout":null,"metadata":null,"hasDropCap":null,"iframe":null,"mixtapeMetadata":null,"markups":[{"__typename":"Markup","start":36,"end":45,"type":"A","href":"https:\u002F\u002Fsnyk.io\u002Fblog\u002Fmalicious-code-found-in-npm-package-event-stream","anchorType":"LINK","userId":null,"linkMetadata":null},{"__typename":"Markup","start":0,"end":18,"type":"STRONG","href":null,"anchorType":null,"userId":null,"linkMetadata":null}],"dropCapImage":null},"Paragraph:5ffd5407b1be_33":{"id":"5ffd5407b1be_33","__typename":"Paragraph","name":"41c8","text":"The Target: Copay","type":"H3","href":null,"layout":null,"metadata":null,"hasDropCap":null,"iframe":null,"mixtapeMetadata":null,"markups":[],"dropCapImage":null},"Paragraph:5ffd5407b1be_34":{"id":"5ffd5407b1be_34","__typename":"Paragraph","name":"ad2d","text":"Upon a more detailed inspection of the flatmap-stream code, we can see that this was a surgically targeted attack on Copay, a secure bitcoin wallet platform.","type":"P","href":null,"layout":null,"metadata":null,"hasDropCap":null,"iframe":null,"mixtapeMetadata":null,"markups":[{"__typename":"Markup","start":117,"end":122,"type":"A","href":"https:\u002F\u002Fcopay.io\u002F","anchorType":"LINK","userId":null,"linkMetadata":null}],"dropCapImage":null},"Paragraph:5ffd5407b1be_35":{"id":"5ffd5407b1be_35","__typename":"Paragraph","name":"3e5a","text":"The malicious flatmap-stream code was downloaded millions of times, and executed many million more. The attackers could have done countless evil things here. But instead, their strategy was to wait for the opportunity to be executed when the Copay app was being built. 
They succeeded, and were built into Copay versions 5.0.2 to 5.1.0.","type":"P","href":null,"layout":null,"metadata":null,"hasDropCap":null,"iframe":null,"mixtapeMetadata":null,"markups":[],"dropCapImage":null},"Paragraph:5ffd5407b1be_36":{"id":"5ffd5407b1be_36","__typename":"Paragraph","name":"e638","text":"The decryption code looked for the key in an environment variable named npm_package_description. This environment variable is set by npm in the root package’s description. It would only be decrypted if the client application was the bitcoin wallet, Copay, which used the key to decrypt the payload as “A Secure Bitcoin Wallet”. The latter was found by maths22 as he brute forced various npm package descriptions.","type":"P","href":null,"layout":null,"metadata":null,"hasDropCap":null,"iframe":null,"mixtapeMetadata":null,"markups":[{"__typename":"Markup","start":352,"end":359,"type":"CODE","href":null,"anchorType":null,"userId":null,"linkMetadata":null}],"dropCapImage":null},"Paragraph:5ffd5407b1be_37":{"id":"5ffd5407b1be_37","__typename":"Paragraph","name":"90c7","text":"To work this out, the user, maths22, enumerated over different npm package descriptions, using them as keys, to decrypt the payload. 
However this wasn't all, the second payload would execute upon running specific build commands, essentially only when the iOS, android, or desktop applications are being built.","type":"P","href":null,"layout":null,"metadata":null,"hasDropCap":null,"iframe":null,"mixtapeMetadata":null,"markups":[{"__typename":"Markup","start":28,"end":35,"type":"CODE","href":null,"anchorType":null,"userId":null,"linkMetadata":null},{"__typename":"Markup","start":37,"end":87,"type":"A","href":"https:\u002F\u002Fgithub.com\u002Fdominictarr\u002Fevent-stream\u002Fissues\u002F116#issuecomment-441745006","anchorType":"LINK","userId":null,"linkMetadata":null},{"__typename":"Markup","start":204,"end":227,"type":"A","href":"https:\u002F\u002Fgithub.com\u002Fbitpay\u002Fcopay\u002Fblob\u002Fmaster\u002Fpackage.json#L70-L72","anchorType":"LINK","userId":null,"linkMetadata":null}],"dropCapImage":null},"Paragraph:5ffd5407b1be_38":{"id":"5ffd5407b1be_38","__typename":"Paragraph","name":"60ac","text":"The third and final payload is JavaScript code that will be injected into another dependency, namely .\u002Fnode_modules\u002F@zxing\u002Flibrary\u002Fesm5\u002Fcore\u002Fcommon\u002Freedsolomon\u002FReedSolomonDecoder.js. 
This was then executed within the app itself, unlike the first two payloads which were executed during build time.","type":"P","href":null,"layout":null,"metadata":null,"hasDropCap":null,"iframe":null,"mixtapeMetadata":null,"markups":[{"__typename":"Markup","start":101,"end":181,"type":"CODE","href":null,"anchorType":null,"userId":null,"linkMetadata":null},{"__typename":"Markup","start":4,"end":27,"type":"A","href":"https:\u002F\u002Fgist.github.com\u002Fjsoverson\u002F3df528d4f0be857fe03c32dafc56a486#file-payload-c-js","anchorType":"LINK","userId":null,"linkMetadata":null}],"dropCapImage":null},"Paragraph:5ffd5407b1be_39":{"id":"5ffd5407b1be_39","__typename":"Paragraph","name":"8a9f","text":"The malicious code harvested Bitcoins along with the wallet private keys, if the wallet balance was above 100 Bitcoins or 1000 BCH (Bitcoin Cash). Copay issued the following advice to their users:","type":"P","href":null,"layout":null,"metadata":null,"hasDropCap":null,"iframe":null,"mixtapeMetadata":null,"markups":[],"dropCapImage":null},"Paragraph:5ffd5407b1be_40":{"id":"5ffd5407b1be_40","__typename":"Paragraph","name":"c915","text":"Users should not attempt to move funds to new wallets by importing affected wallets’ twelve word backup phrases (which correspond to potentially compromised private keys). 
Users should first update their affected wallets (5.0.2–5.1.0) and then send all funds from affected wallets to a brand new wallet on version 5.2.0, using the Send Max feature to initiate transactions of all funds.","type":"BQ","href":null,"layout":null,"metadata":null,"hasDropCap":null,"iframe":null,"mixtapeMetadata":null,"markups":[{"__typename":"Markup","start":0,"end":386,"type":"EM","href":null,"anchorType":null,"userId":null,"linkMetadata":null}],"dropCapImage":null},"Paragraph:5ffd5407b1be_41":{"id":"5ffd5407b1be_41","__typename":"Paragraph","name":"3b0b","text":"They further suggested that users “should assume” their private keys may have been compromised, and react by “immediately” moving any holdings to new, secure v5.2.0 wallets.","type":"P","href":null,"layout":null,"metadata":null,"hasDropCap":null,"iframe":null,"mixtapeMetadata":null,"markups":[],"dropCapImage":null},"Paragraph:5ffd5407b1be_42":{"id":"5ffd5407b1be_42","__typename":"Paragraph","name":"2bb1","text":"From the post-mortem of the events and the attack, we can see that this was a well planned and well executed attack, which was performed by professionals and likely took months of preparation.","type":"P","href":null,"layout":null,"metadata":null,"hasDropCap":null,"iframe":null,"mixtapeMetadata":null,"markups":[],"dropCapImage":null},"Paragraph:5ffd5407b1be_43":{"id":"5ffd5407b1be_43","__typename":"Paragraph","name":"50b9","text":"Conclusion","type":"H3","href":null,"layout":null,"metadata":null,"hasDropCap":null,"iframe":null,"mixtapeMetadata":null,"markups":[],"dropCapImage":null},"Paragraph:5ffd5407b1be_44":{"id":"5ffd5407b1be_44","__typename":"Paragraph","name":"a4ec","text":"The series of events that have been described in this blog are another reminder of how fragile the open-source model can be if not respected. 
If widely used packages, such as event-stream, were supported by just a small proportion of those who consume it, and take value from it, the malicious takeover could easily have been avoided. The event-stream package was included as a dependency all over the npm ecosystem, being included in at least 3931 packages as a dependency. Most notably, affecting top level packages such as: @vue\u002Fcli-ui, vscode, nodemon, and ps-tree.","type":"P","href":null,"layout":null,"metadata":null,"hasDropCap":null,"iframe":null,"mixtapeMetadata":null,"markups":[{"__typename":"Markup","start":444,"end":448,"type":"A","href":"https:\u002F\u002Fgithub.com\u002Fdominictarr\u002Fevent-stream\u002Ffiles\u002F2616706\u002Fflatmap-deps-list.txt","anchorType":"LINK","userId":null,"linkMetadata":null}],"dropCapImage":null},"Paragraph:5ffd5407b1be_45":{"id":"5ffd5407b1be_45","__typename":"Paragraph","name":"1784","text":"The malicious package could have even remained unnoticed if not for the deprecation message that caused Jayden Seric to open an issue on the nodemon package. 
Otherwise, it’s likely it would not have been found for a long time.","type":"P","href":null,"layout":null,"metadata":null,"hasDropCap":null,"iframe":null,"mixtapeMetadata":null,"markups":[],"dropCapImage":null},"Paragraph:5ffd5407b1be_46":{"id":"5ffd5407b1be_46","__typename":"Paragraph","name":"0898","text":"Snyk are big advocates of responsible disclosure, practice security research as part of their security culture, and have a history of collaborating with open-source project maintainers.","type":"P","href":null,"layout":null,"metadata":null,"hasDropCap":null,"iframe":null,"mixtapeMetadata":null,"markups":[],"dropCapImage":null},"Paragraph:5ffd5407b1be_47":{"id":"5ffd5407b1be_47","__typename":"Paragraph","name":"ee1e","text":"If you discover a vulnerability that you would like to responsibly disclose Snyk would love to help if you send a responsible disclosure form.","type":"P","href":null,"layout":null,"metadata":null,"hasDropCap":null,"iframe":null,"mixtapeMetadata":null,"markups":[{"__typename":"Markup","start":114,"end":141,"type":"A","href":"https:\u002F\u002Fsnyk.io\u002Fvulnerability-disclosure","anchorType":"LINK","userId":null,"linkMetadata":null}],"dropCapImage":null},"Paragraph:5ffd5407b1be_48":{"id":"5ffd5407b1be_48","__typename":"Paragraph","name":"90ac","text":"Originally published at https:\u002F\u002Fsnyk.io on December 6, 
2018.","type":"P","href":null,"layout":null,"metadata":null,"hasDropCap":null,"iframe":null,"mixtapeMetadata":null,"markups":[{"__typename":"Markup","start":24,"end":39,"type":"A","href":"https:\u002F\u002Fsnyk.io\u002Fblog\u002Fa-post-mortem-of-the-malicious-event-stream-backdoor\u002F","anchorType":"LINK","userId":null,"linkMetadata":null},{"__typename":"Markup","start":0,"end":60,"type":"EM","href":null,"anchorType":null,"userId":null,"linkMetadata":null}],"dropCapImage":null},"ImageMetadata:0*yO-HNQPj1qz2cgOY.png":{"id":"0*yO-HNQPj1qz2cgOY.png","__typename":"ImageMetadata","originalHeight":855,"originalWidth":1200,"focusPercentX":null,"focusPercentY":null,"alt":null},"ImageMetadata:0*invkHLtulBJ8BEYx.jpg":{"id":"0*invkHLtulBJ8BEYx.jpg","__typename":"ImageMetadata","originalHeight":537,"originalWidth":930,"focusPercentX":null,"focusPercentY":null,"alt":null},"ImageMetadata:0*hrLmJn1ag3_kk4MT.png":{"id":"0*hrLmJn1ag3_kk4MT.png","__typename":"ImageMetadata","originalHeight":611,"originalWidth":1200,"focusPercentX":null,"focusPercentY":null,"alt":null},"ImageMetadata:0*HvJWdPWRuzsb7t7h.png":{"id":"0*HvJWdPWRuzsb7t7h.png","__typename":"ImageMetadata","originalHeight":701,"originalWidth":1200,"focusPercentX":null,"focusPercentY":null,"alt":null},"ImageMetadata:0*EqTRck-pZLeebpKv.png":{"id":"0*EqTRck-pZLeebpKv.png","__typename":"ImageMetadata","originalHeight":782,"originalWidth":1200,"focusPercentX":null,"focusPercentY":null,"alt":null},"ImageMetadata:0*zfRMohqvUW-SCVXJ.png":{"id":"0*zfRMohqvUW-SCVXJ.png","__typename":"ImageMetadata","originalHeight":502,"originalWidth":1200,"focusPercentX":null,"focusPercentY":null,"alt":null},"ImageMetadata:0*e1aKbPTeC3j6FXf0.png":{"id":"0*e1aKbPTeC3j6FXf0.png","__typename":"ImageMetadata","originalHeight":653,"originalWidth":1200,"focusPercentX":null,"focusPercentY":null,"alt":null},"Tag:javascript":{"id":"javascript","__typename":"Tag","displayTitle":"JavaScript","normalizedTagSlug":"javascript"},"Tag:security":{"id":"security","_
_typename":"Tag","displayTitle":"Security","normalizedTagSlug":"security"},"Tag:web-development":{"id":"web-development","__typename":"Tag","displayTitle":"Web Development","normalizedTagSlug":"web-development"},"Tag:infosec":{"id":"infosec","__typename":"Tag","displayTitle":"Infosec","normalizedTagSlug":"infosec"},"ImageMetadata:1*OhJvFbB6stdz82QiCRfEcg.jpeg":{"id":"1*OhJvFbB6stdz82QiCRfEcg.jpeg","__typename":"ImageMetadata","focusPercentX":null,"focusPercentY":null},"CollectionViewerEdge:collectionId:76228560ba65-viewerId:lo_58068ea593bd":{"id":"collectionId:76228560ba65-viewerId:lo_58068ea593bd","__typename":"CollectionViewerEdge","isEditor":false},"Collection:76228560ba65":{"id":"76228560ba65","__typename":"Collection","name":"Techfare","description":"A view on t and t+n years","tagline":"A view on t and t+n years","domain":null,"slug":"techfare","isAuroraEligible":false,"isAuroraVisible":false,"viewerEdge":{"__ref":"CollectionViewerEdge:collectionId:76228560ba65-viewerId:lo_58068ea593bd"},"canToggleEmail":false},"UserViewerEdge:userId:9e56102890a3-viewerId:lo_58068ea593bd":{"id":"userId:9e56102890a3-viewerId:lo_58068ea593bd","__typename":"UserViewerEdge","isFollowing":false,"isUser":false},"User:9e56102890a3":{"id":"9e56102890a3","__typename":"User","name":"Edo Scalafiotti","username":"edoardo849","bio":"“Cooper, this is no time for caution!” I work for @AWSCloud & my opinions are my own","imageId":"0*TImRTgwiY9fsh4AF.jpeg","mediumMemberAt":0,"isPartnerProgramEnrolled":false,"viewerEdge":{"__ref":"UserViewerEdge:userId:9e56102890a3-viewerId:lo_58068ea593bd"},"viewerIsUser":false,"newsletterV3":null,"customDomainState":null,"hasSubdomain":false,"postSubscribeMembershipUpsellShownAt":0},"Post:231ced02d9":{"id":"231ced02d9","__typename":"Post","title":"Data ownership or the core of a 
company","mediumUrl":"https:\u002F\u002Fmedium.com\u002Ftechfare\u002Fon-data-strategy-or-what-organisations-must-do-to-win-in-the-digital-economy-231ced02d9","previewImage":{"__ref":"ImageMetadata:1*OhJvFbB6stdz82QiCRfEcg.jpeg"},"isPublished":true,"firstPublishedAt":1532282628538,"readingTime":8.275471698113208,"statusForCollection":"APPROVED","isLocked":false,"visibility":"PUBLIC","collection":{"__ref":"Collection:76228560ba65"},"creator":{"__ref":"User:9e56102890a3"},"previewContent":{"__typename":"PreviewContent","isFullContent":false}},"ImageMetadata:1*_4N68uBxjHbuXqZKftyV-w.jpeg":{"id":"1*_4N68uBxjHbuXqZKftyV-w.jpeg","__typename":"ImageMetadata","focusPercentX":null,"focusPercentY":null},"CollectionViewerEdge:collectionId:eb7ed004d119-viewerId:lo_58068ea593bd":{"id":"collectionId:eb7ed004d119-viewerId:lo_58068ea593bd","__typename":"CollectionViewerEdge","isEditor":false},"Collection:eb7ed004d119":{"id":"eb7ed004d119","__typename":"Collection","name":"CybrQ Blog","description":"Pioneers of the Pre-Click Security approach. Bringing you sensible advice and cutting-edge tools to keep you safer online, one click at a time. Find out more at https:\u002F\u002FCybrQ.com","tagline":"Pioneers of the Pre-Click Security approach.","domain":null,"slug":"cybrq-blog","isAuroraEligible":false,"isAuroraVisible":false,"viewerEdge":{"__ref":"CollectionViewerEdge:collectionId:eb7ed004d119-viewerId:lo_58068ea593bd"},"canToggleEmail":false},"UserViewerEdge:userId:3206cc50494b-viewerId:lo_58068ea593bd":{"id":"userId:3206cc50494b-viewerId:lo_58068ea593bd","__typename":"UserViewerEdge","isFollowing":false,"isUser":false},"User:3206cc50494b":{"id":"3206cc50494b","__typename":"User","name":"CybrQ Staff","username":"cybrqstaff","bio":"Pioneers of the Pre-Click Security approach. Helping you know your risk online through intuitive, human-centered security. 
Find out more at https:\u002F\u002FCybrQ.com","imageId":"1*k8t2XMQHZSo30aGjiQrnIg.png","mediumMemberAt":0,"isPartnerProgramEnrolled":false,"viewerEdge":{"__ref":"UserViewerEdge:userId:3206cc50494b-viewerId:lo_58068ea593bd"},"viewerIsUser":false,"newsletterV3":null,"customDomainState":null,"hasSubdomain":false,"postSubscribeMembershipUpsellShownAt":0},"Post:fc10f0b4fdd8":{"id":"fc10f0b4fdd8","__typename":"Post","title":"Let’s Rethink False Positives","mediumUrl":"https:\u002F\u002Fmedium.com\u002Fcybrq-blog\u002Flets-rethink-false-positives-fc10f0b4fdd8","previewImage":{"__ref":"ImageMetadata:1*_4N68uBxjHbuXqZKftyV-w.jpeg"},"isPublished":true,"firstPublishedAt":1542818505991,"readingTime":3.158490566037736,"statusForCollection":"APPROVED","isLocked":false,"visibility":"PUBLIC","collection":{"__ref":"Collection:eb7ed004d119"},"creator":{"__ref":"User:3206cc50494b"},"previewContent":{"__typename":"PreviewContent","isFullContent":false}},"ImageMetadata:1*zSKF8cUniXgdRPaNnU8Dmw.png":{"id":"1*zSKF8cUniXgdRPaNnU8Dmw.png","__typename":"ImageMetadata","focusPercentX":null,"focusPercentY":null},"UserViewerEdge:userId:6c8674f852c7-viewerId:lo_58068ea593bd":{"id":"userId:6c8674f852c7-viewerId:lo_58068ea593bd","__typename":"UserViewerEdge","isFollowing":false,"isUser":false},"User:6c8674f852c7":{"id":"6c8674f852c7","__typename":"User","name":"Dexcorefinance","username":"dexcorefinance","bio":"Dex core is a next-generation ERA of core","imageId":"1*qw_4smm433U4n8bnYjHgGw.png","mediumMemberAt":0,"isPartnerProgramEnrolled":false,"viewerEdge":{"__ref":"UserViewerEdge:userId:6c8674f852c7-viewerId:lo_58068ea593bd"},"viewerIsUser":false,"newsletterV3":null,"customDomainState":{"__typename":"CustomDomainState","live":{"__typename":"CustomDomain","domain":"dexcorefinance.medium.com"}},"hasSubdomain":true,"postSubscribeMembershipUpsellShownAt":0},"Post:ffc470bbcc7":{"id":"ffc470bbcc7","__typename":"Post","title":"AIRDROP 
ANNOUNCEMENT","mediumUrl":"https:\u002F\u002Fdexcorefinance.medium.com\u002Fairdrop-announcement-ffc470bbcc7","previewImage":{"__ref":"ImageMetadata:1*zSKF8cUniXgdRPaNnU8Dmw.png"},"isPublished":true,"firstPublishedAt":1606160408920,"readingTime":0.8490566037735849,"statusForCollection":null,"isLocked":false,"visibility":"PUBLIC","collection":null,"creator":{"__ref":"User:6c8674f852c7"},"previewContent":{"__typename":"PreviewContent","isFullContent":false}},"ImageMetadata:":{"id":"","__typename":"ImageMetadata","focusPercentX":null,"focusPercentY":null},"UserViewerEdge:userId:e66e670f53f7-viewerId:lo_58068ea593bd":{"id":"userId:e66e670f53f7-viewerId:lo_58068ea593bd","__typename":"UserViewerEdge","isFollowing":false,"isUser":false},"User:e66e670f53f7":{"id":"e66e670f53f7","__typename":"User","name":"Amelina Dagmar","username":"heroistic1966","bio":"","imageId":"1*dmbNkD5D-u45r44go_cf0g.png","mediumMemberAt":0,"isPartnerProgramEnrolled":false,"viewerEdge":{"__ref":"UserViewerEdge:userId:e66e670f53f7-viewerId:lo_58068ea593bd"},"viewerIsUser":false,"newsletterV3":null,"customDomainState":{"__typename":"CustomDomainState","live":{"__typename":"CustomDomain","domain":"heroistic1966.medium.com"}},"hasSubdomain":true,"postSubscribeMembershipUpsellShownAt":0},"Post:775c2faf8fa":{"id":"775c2faf8fa","__typename":"Post","title":"{UPDATE} 4 Images 1 Mot Francais Hack Free Resources 
Generator","mediumUrl":"https:\u002F\u002Fheroistic1966.medium.com\u002Fupdate-4-images-1-mot-francais-hack-free-resources-generator-775c2faf8fa","previewImage":{"__ref":"ImageMetadata:"},"isPublished":true,"firstPublishedAt":1612287199593,"readingTime":0.7962264150943397,"statusForCollection":null,"isLocked":false,"visibility":"PUBLIC","collection":null,"creator":{"__ref":"User:e66e670f53f7"},"previewContent":{"__typename":"PreviewContent","isFullContent":false}},"UserViewerEdge:userId:f5f9d0500d14-viewerId:lo_58068ea593bd":{"id":"userId:f5f9d0500d14-viewerId:lo_58068ea593bd","__typename":"UserViewerEdge","isFollowing":false,"isUser":false},"User:f5f9d0500d14":{"id":"f5f9d0500d14","__typename":"User","name":"Vicki","username":"capgtuavesober","bio":"Trouble shared is trouble halved","imageId":"1*HMoy049naFZPkmBfrWvTpA.jpeg","mediumMemberAt":0,"isPartnerProgramEnrolled":false,"viewerEdge":{"__ref":"UserViewerEdge:userId:f5f9d0500d14-viewerId:lo_58068ea593bd"},"viewerIsUser":false,"newsletterV3":null,"customDomainState":{"__typename":"CustomDomainState","live":{"__typename":"CustomDomain","domain":"capgtuavesober.medium.com"}},"hasSubdomain":true,"postSubscribeMembershipUpsellShownAt":0},"Post:eb3ab8c7aa34":{"id":"eb3ab8c7aa34","__typename":"Post","title":"Crypto Random Osrng 
Winrandom","mediumUrl":"https:\u002F\u002Fcapgtuavesober.medium.com\u002Fcrypto-random-osrng-winrandom-eb3ab8c7aa34","previewImage":{"__ref":"ImageMetadata:"},"isPublished":true,"firstPublishedAt":1609100024609,"readingTime":1.788679245283019,"statusForCollection":null,"isLocked":false,"visibility":"PUBLIC","collection":null,"creator":{"__ref":"User:f5f9d0500d14"},"previewContent":{"__typename":"PreviewContent","isFullContent":false}},"ImageMetadata:1*zM7zjSmMTC6uoUN2PZZZlQ.jpeg":{"id":"1*zM7zjSmMTC6uoUN2PZZZlQ.jpeg","__typename":"ImageMetadata","focusPercentX":null,"focusPercentY":null},"UserViewerEdge:userId:3aa0a693c340-viewerId:lo_58068ea593bd":{"id":"userId:3aa0a693c340-viewerId:lo_58068ea593bd","__typename":"UserViewerEdge","isFollowing":false,"isUser":false},"NewsletterV3:d97f390f12a9":{"id":"d97f390f12a9","__typename":"NewsletterV3","type":"NEWSLETTER_TYPE_AUTHOR","slug":"3aa0a693c340","name":"3aa0a693c340","collection":null,"user":{"__ref":"User:3aa0a693c340"}},"User:3aa0a693c340":{"id":"3aa0a693c340","__typename":"User","name":"Aoora.co","username":"aoora.official.01","newsletterV3":{"__ref":"NewsletterV3:d97f390f12a9"},"bio":"Welcome to our crypto family 🚀 Here we follow the latest trends in crypto and together we create one big organism that never stands still🔥","imageId":"1*1YWV6H1c_bv2VoXl6RUitQ.png","mediumMemberAt":0,"isPartnerProgramEnrolled":false,"viewerEdge":{"__ref":"UserViewerEdge:userId:3aa0a693c340-viewerId:lo_58068ea593bd"},"viewerIsUser":false,"customDomainState":null,"hasSubdomain":false,"postSubscribeMembershipUpsellShownAt":0},"Post:f251c223eefa":{"id":"f251c223eefa","__typename":"Post","title":"#weeklyRoadMap\nHi 
all!","mediumUrl":"https:\u002F\u002Fmedium.com\u002F@aoora.official.01\u002Fweeklyroadmap-hi-all-f251c223eefa","previewImage":{"__ref":"ImageMetadata:1*zM7zjSmMTC6uoUN2PZZZlQ.jpeg"},"isPublished":true,"firstPublishedAt":1639401594585,"readingTime":0.9320754716981132,"statusForCollection":null,"isLocked":false,"visibility":"PUBLIC","collection":null,"creator":{"__ref":"User:3aa0a693c340"},"previewContent":{"__typename":"PreviewContent","isFullContent":false}},"UserViewerEdge:userId:4d3f10121d56-viewerId:lo_58068ea593bd":{"id":"userId:4d3f10121d56-viewerId:lo_58068ea593bd","__typename":"UserViewerEdge","isFollowing":false,"isUser":false},"User:4d3f10121d56":{"id":"4d3f10121d56","__typename":"User","name":"Juana Hettie","username":"doke1977","bio":"","imageId":"1*dmbNkD5D-u45r44go_cf0g.png","mediumMemberAt":0,"isPartnerProgramEnrolled":false,"viewerEdge":{"__ref":"UserViewerEdge:userId:4d3f10121d56-viewerId:lo_58068ea593bd"},"viewerIsUser":false,"newsletterV3":null,"customDomainState":{"__typename":"CustomDomainState","live":{"__typename":"CustomDomain","domain":"doke1977.medium.com"}},"hasSubdomain":true,"postSubscribeMembershipUpsellShownAt":0},"Post:f897b5a5c962":{"id":"f897b5a5c962","__typename":"Post","title":"{UPDATE} هجولة في الصحراء Hack Free Resources 
Generator","mediumUrl":"https:\u002F\u002Fdoke1977.medium.com\u002Fupdate-%D9%87%D8%AC%D9%88%D9%84%D8%A9-%D9%81%D9%8A-%D8%A7%D9%84%D8%B5%D8%AD%D8%B1%D8%A7%D8%A1-hack-free-resources-generator-f897b5a5c962","previewImage":{"__ref":"ImageMetadata:"},"isPublished":true,"firstPublishedAt":1612362480797,"readingTime":0.7433962264150943,"statusForCollection":null,"isLocked":false,"visibility":"PUBLIC","collection":null,"creator":{"__ref":"User:4d3f10121d56"},"previewContent":{"__typename":"PreviewContent","isFullContent":false}},"ImageMetadata:1*C5AOQcpWW_aRUDFtWc4Asw.jpeg":{"id":"1*C5AOQcpWW_aRUDFtWc4Asw.jpeg","__typename":"ImageMetadata","focusPercentX":null,"focusPercentY":null},"UserViewerEdge:userId:49bf0b09a0c0-viewerId:lo_58068ea593bd":{"id":"userId:49bf0b09a0c0-viewerId:lo_58068ea593bd","__typename":"UserViewerEdge","isFollowing":false,"isUser":false},"User:49bf0b09a0c0":{"id":"49bf0b09a0c0","__typename":"User","name":"Diane Abela","username":"mail-28996","bio":"Information Security Professional — 28 year old from Malta — Leader — Writer — Reader","imageId":"2*P3ULsx6hjVafSeheYxG2vg.jpeg","mediumMemberAt":1582470557325,"isPartnerProgramEnrolled":false,"viewerEdge":{"__ref":"UserViewerEdge:userId:49bf0b09a0c0-viewerId:lo_58068ea593bd"},"viewerIsUser":false,"newsletterV3":null,"customDomainState":{"__typename":"CustomDomainState","live":{"__typename":"CustomDomain","domain":"mail-28996.medium.com"}},"hasSubdomain":true,"postSubscribeMembershipUpsellShownAt":0},"Post:3262d71156ee":{"id":"3262d71156ee","__typename":"Post","title":"Risk Management — Just another 
Buzzword?","mediumUrl":"https:\u002F\u002Fmail-28996.medium.com\u002Frisk-management-just-another-buzzword-3262d71156ee","previewImage":{"__ref":"ImageMetadata:1*C5AOQcpWW_aRUDFtWc4Asw.jpeg"},"isPublished":true,"firstPublishedAt":1582470882557,"readingTime":3.5839622641509434,"statusForCollection":null,"isLocked":false,"visibility":"PUBLIC","collection":null,"creator":{"__ref":"User:49bf0b09a0c0"},"previewContent":{"__typename":"PreviewContent","isFullContent":false}},"PostViewerEdge:postId:40be813022bb-viewerId:lo_58068ea593bd":{"id":"postId:40be813022bb-viewerId:lo_58068ea593bd","__typename":"PostViewerEdge","catalogsConnection":null},"Post:40be813022bb":{"id":"40be813022bb","__typename":"Post","creator":{"__ref":"User:43862af38199"},"canonicalUrl":"","collection":null,"content({\"postMeteringOptions\":{\"referrer\":\"\",\"sk\":null,\"source\":null}})":{"__typename":"PostContent","isLockedPreviewOnly":false,"validatedShareKey":"","bodyModel":{"__typename":"RichText","paragraphs":[{"__ref":"Paragraph:5ffd5407b1be_0"},{"__ref":"Paragraph:5ffd5407b1be_1"},{"__ref":"Paragraph:5ffd5407b1be_2"},{"__ref":"Paragraph:5ffd5407b1be_3"},{"__ref":"Paragraph:5ffd5407b1be_4"},{"__ref":"Paragraph:5ffd5407b1be_5"},{"__ref":"Paragraph:5ffd5407b1be_6"},{"__ref":"Paragraph:5ffd5407b1be_7"},{"__ref":"Paragraph:5ffd5407b1be_8"},{"__ref":"Paragraph:5ffd5407b1be_9"},{"__ref":"Paragraph:5ffd5407b1be_10"},{"__ref":"Paragraph:5ffd5407b1be_11"},{"__ref":"Paragraph:5ffd5407b1be_12"},{"__ref":"Paragraph:5ffd5407b1be_13"},{"__ref":"Paragraph:5ffd5407b1be_14"},{"__ref":"Paragraph:5ffd5407b1be_15"},{"__ref":"Paragraph:5ffd5407b1be_16"},{"__ref":"Paragraph:5ffd5407b1be_17"},{"__ref":"Paragraph:5ffd5407b1be_18"},{"__ref":"Paragraph:5ffd5407b1be_19"},{"__ref":"Paragraph:5ffd5407b1be_20"},{"__ref":"Paragraph:5ffd5407b1be_21"},{"__ref":"Paragraph:5ffd5407b1be_22"},{"__ref":"Paragraph:5ffd5407b1be_23"},{"__ref":"Paragraph:5ffd5407b1be_24"},{"__ref":"Paragraph:5ffd5407b1be_25"},{"__ref":"Paragraph:5ffd5
407b1be_26"},{"__ref":"Paragraph:5ffd5407b1be_27"},{"__ref":"Paragraph:5ffd5407b1be_28"},{"__ref":"Paragraph:5ffd5407b1be_29"},{"__ref":"Paragraph:5ffd5407b1be_30"},{"__ref":"Paragraph:5ffd5407b1be_31"},{"__ref":"Paragraph:5ffd5407b1be_32"},{"__ref":"Paragraph:5ffd5407b1be_33"},{"__ref":"Paragraph:5ffd5407b1be_34"},{"__ref":"Paragraph:5ffd5407b1be_35"},{"__ref":"Paragraph:5ffd5407b1be_36"},{"__ref":"Paragraph:5ffd5407b1be_37"},{"__ref":"Paragraph:5ffd5407b1be_38"},{"__ref":"Paragraph:5ffd5407b1be_39"},{"__ref":"Paragraph:5ffd5407b1be_40"},{"__ref":"Paragraph:5ffd5407b1be_41"},{"__ref":"Paragraph:5ffd5407b1be_42"},{"__ref":"Paragraph:5ffd5407b1be_43"},{"__ref":"Paragraph:5ffd5407b1be_44"},{"__ref":"Paragraph:5ffd5407b1be_45"},{"__ref":"Paragraph:5ffd5407b1be_46"},{"__ref":"Paragraph:5ffd5407b1be_47"},{"__ref":"Paragraph:5ffd5407b1be_48"}],"sections":[{"__typename":"Section","name":"e393","startIndex":0,"textLayout":null,"imageLayout":null,"backgroundImage":null,"videoLayout":null,"backgroundVideo":null},{"__typename":"Section","name":"2e4e","startIndex":48,"textLayout":null,"imageLayout":null,"backgroundImage":null,"videoLayout":null,"backgroundVideo":null}]}},"customStyleSheet":null,"firstPublishedAt":1544117949000,"isIndexable":true,"isLocked":false,"isPublished":true,"isShortform":false,"layerCake":0,"primaryTopic":null,"title":"A Snyk’s Post-Mortem of the Malicious event-stream npm package 
backdoor","isMarkedPaywallOnly":false,"mediumUrl":"https:\u002F\u002Flirantal.medium.com\u002Fa-snyks-post-mortem-of-the-malicious-event-stream-npm-package-backdoor-40be813022bb","readingTime":6.261320754716981,"detectedLanguage":"en","wordCount":1381,"isLimitedState":false,"visibility":"PUBLIC","license":"ALL_RIGHTS_RESERVED","inResponseToPostResult":null,"allowResponses":true,"newsletterId":"","sequence":null,"tags":[{"__ref":"Tag:javascript"},{"__ref":"Tag:security"},{"__ref":"Tag:web-development"},{"__ref":"Tag:infosec"}],"topics":[{"__typename":"Topic","topicId":"d4e7f4144ac5","name":"Cybersecurity"},{"__typename":"Topic","topicId":"decb52b64abf","name":"Programming"}],"isNewsletter":false,"isPublishToEmail":false,"socialTitle":"","socialDek":"","noIndex":null,"curationStatus":null,"metaDescription":"","latestPublishedAt":1565280376707,"previewContent":{"__typename":"PreviewContent","subtitle":"Last week the imaginable happened. A malicious package, flatmap-stream, was published to npm and was later added as a dependency to 
the…"},"previewImage":{"__ref":"ImageMetadata:0*yO-HNQPj1qz2cgOY.png"},"clapCount":11,"postResponses":{"__typename":"PostResponses","count":0},"isSuspended":false,"pendingCollection":null,"statusForCollection":null,"lockedSource":"LOCKED_POST_SOURCE_NONE","pinnedAt":0,"pinnedByCreatorAt":0,"curationEligibleAt":1565280375506,"responseDistribution":"NOT_DISTRIBUTED","inResponseToEntityType":null,"internalLinks({\"paging\":{\"limit\":8}})":{"__typename":"InternalLinksConnection","items":[{"__ref":"Post:231ced02d9"},{"__ref":"Post:fc10f0b4fdd8"},{"__ref":"Post:ffc470bbcc7"},{"__ref":"Post:775c2faf8fa"},{"__ref":"Post:eb3ab8c7aa34"},{"__ref":"Post:f251c223eefa"},{"__ref":"Post:f897b5a5c962"},{"__ref":"Post:3262d71156ee"}]},"viewerEdge":{"__ref":"PostViewerEdge:postId:40be813022bb-viewerId:lo_58068ea593bd"},"collaborators":[],"translationSourcePost":null,"audioVersionUrl":"","seoTitle":"","updatedAt":1638832635045,"shortformType":"SHORTFORM_TYPE_LINK","structuredData":"","seoDescription":"","latestPublishedVersion":"5ffd5407b1be","isAuthorNewsletter":false,"voterCount":3,"recommenders":[],"content({})":{"__typename":"PostContent","isLockedPreviewOnly":false,"validatedShareKey":"","bodyModel":{"__typename":"RichText","paragraphs":[{"__ref":"Paragraph:5ffd5407b1be_0"},{"__ref":"Paragraph:5ffd5407b1be_1"},{"__ref":"Paragraph:5ffd5407b1be_2"},{"__ref":"Paragraph:5ffd5407b1be_3"},{"__ref":"Paragraph:5ffd5407b1be_4"},{"__ref":"Paragraph:5ffd5407b1be_5"},{"__ref":"Paragraph:5ffd5407b1be_6"},{"__ref":"Paragraph:5ffd5407b1be_7"},{"__ref":"Paragraph:5ffd5407b1be_8"},{"__ref":"Paragraph:5ffd5407b1be_9"},{"__ref":"Paragraph:5ffd5407b1be_10"},{"__ref":"Paragraph:5ffd5407b1be_11"},{"__ref":"Paragraph:5ffd5407b1be_12"},{"__ref":"Paragraph:5ffd5407b1be_13"},{"__ref":"Paragraph:5ffd5407b1be_14"},{"__ref":"Paragraph:5ffd5407b1be_15"},{"__ref":"Paragraph:5ffd5407b1be_16"},{"__ref":"Paragraph:5ffd5407b1be_17"},{"__ref":"Paragraph:5ffd5407b1be_18"},{"__ref":"Paragraph:5ffd5407b1be_19"},{"__re
f":"Paragraph:5ffd5407b1be_20"},{"__ref":"Paragraph:5ffd5407b1be_21"},{"__ref":"Paragraph:5ffd5407b1be_22"},{"__ref":"Paragraph:5ffd5407b1be_23"},{"__ref":"Paragraph:5ffd5407b1be_24"},{"__ref":"Paragraph:5ffd5407b1be_25"},{"__ref":"Paragraph:5ffd5407b1be_26"},{"__ref":"Paragraph:5ffd5407b1be_27"},{"__ref":"Paragraph:5ffd5407b1be_28"},{"__ref":"Paragraph:5ffd5407b1be_29"},{"__ref":"Paragraph:5ffd5407b1be_30"},{"__ref":"Paragraph:5ffd5407b1be_31"},{"__ref":"Paragraph:5ffd5407b1be_32"},{"__ref":"Paragraph:5ffd5407b1be_33"},{"__ref":"Paragraph:5ffd5407b1be_34"},{"__ref":"Paragraph:5ffd5407b1be_35"},{"__ref":"Paragraph:5ffd5407b1be_36"},{"__ref":"Paragraph:5ffd5407b1be_37"},{"__ref":"Paragraph:5ffd5407b1be_38"},{"__ref":"Paragraph:5ffd5407b1be_39"},{"__ref":"Paragraph:5ffd5407b1be_40"},{"__ref":"Paragraph:5ffd5407b1be_41"},{"__ref":"Paragraph:5ffd5407b1be_42"},{"__ref":"Paragraph:5ffd5407b1be_43"},{"__ref":"Paragraph:5ffd5407b1be_44"},{"__ref":"Paragraph:5ffd5407b1be_45"},{"__ref":"Paragraph:5ffd5407b1be_46"},{"__ref":"Paragraph:5ffd5407b1be_47"},{"__ref":"Paragraph:5ffd5407b1be_48"}],"sections":[{"__typename":"Section","name":"e393","startIndex":0,"textLayout":null,"imageLayout":null,"backgroundImage":null,"videoLayout":null,"backgroundVideo":null},{"__typename":"Section","name":"2e4e","startIndex":48,"textLayout":null,"imageLayout":null,"backgroundImage":null,"videoLayout":null,"backgroundVideo":null}]}}}}</script><script>window.__MIDDLEWARE_STATE__={"session":{"xsrf":""},"cache":{"cacheStatus":"MISS","shouldUseCache":true}}</script><script src="https://cdn-client.medium.com/lite/static/js/manifest.68c44e1e.js"></script><script src="https://cdn-client.medium.com/lite/static/js/35565.71cd3bc0.js"></script><script src="https://cdn-client.medium.com/lite/static/js/main.e76d6dd7.js"></script><script src="https://cdn-client.medium.com/lite/static/js/45573.4354ed57.chunk.js"></script>
</body></html>